3 matches found
CVE-2024-13490
creationtimestamp| type| source ---|---|--- 2025-02-12 09:58:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113990323158713982 2025-02-12 10:16:07+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxwxgthvf2g 2025-02-12 11:10:48+00:00| seen|...
CVE-2024-13490 LTL Freight Quotes – XPO Edition <= 4.3.7 - Unauthenticated SQL Injection
The LTL Freight Quotes – XPO Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 4.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13490
CVE-2024-13490 affects the LTL Freight Quotes – XPO Edition WordPress plugin. The vulnerability is an unauthenticated SQL Injection caused by insufficient escaping and poor query prep in the edit_id and dropship_edit_id parameters, exploitable in all versions up to 4.3.7. Remediation: upgrade to ...