exploitDog

CVE-2025-1483

Опубликовано: 20 фев. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to update the drop shipping settings.

Ссылки

https://plugins.trac.wordpress.org/changeset/3243002/
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/0906e9b0-5093-4ddd-8868-8fcaad8e3a5b?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wwexgroup:ltl_freight_quotes:*:*:*:*:globaltranz:wordpress:*:*

Версия до 2.3.13 (исключая)

EPSS

Процентиль: 44%

0.0021

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-p9x4-6h28-9q9r

CVSS3: 5.3

github

12 месяцев назад

The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to update the drop shipping settings.

EPSS

Процентиль: 44%

0.0021

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862