Description
Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition ltl-freight-quotes-unishippers-edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through <= 2.5.8.
Published: 2025-02-16
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a broken access control flaw in the enituretechnology LTL Freight Quotes – Unishippers Edition WordPress plugin that allows an attacker to bypass authorization checks due to incorrectly configured access control security levels. Because the plugin fails to verify user permissions before allowing certain actions, an attacker with minimal access could perform privileged operations, potentially exposing sensitive shipping data or modifying configuration settings. The flaw is classified as CWE‑862, indicating missing authorization.

Affected Systems

The affected product is enituretechnology’s WordPress plugin LTL Freight Quotes – Unishippers Edition. All releases from the first available version up through version 2.5.8 are vulnerable. No other vendor or product is listed.

Risk and Exploitability

The CVSS score is 6.5, which is medium severity. The EPSS is reported as less than 1%, meaning the likelihood of exploitation is very low at the time of this analysis. The vulnerability is not yet listed in the CISA KEV catalog, so no publicly known exploits have been observed. The most likely attack vector is through unauthenticated or low‑privileged HTTP requests to the plugin’s admin endpoints, where the missing authorization check can be leveraged to gain elevated rights.

Generated by OpenCVE AI on May 1, 2026 at 16:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the LTL Freight Quotes – Unishippers Edition plugin to a version newer than 2.5.8, where the missing authorization issue has been addressed.
  • Restrict access to the plugin’s admin URLs by configuring WordPress role permissions or using web server access controls, ensuring only trusted administrators can reach these endpoints.
  • Audit WordPress user roles and capabilities to confirm that no non‑admin users have permissions that could be abused by this vulnerability.



Advisories
Source: EUVD
ID: EUVD-2025-2689
Title: Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8.
Values Added: Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition ltl-freight-quotes-unishippers-edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through <= 2.5.8.

Type: References

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 16 Jul 2025 13:45:00 +0000

Type: Metrics
Values Removed: epss {'score': 0.00069}
Values Added: epss {'score': 0.00077}


Tue, 15 Jul 2025 13:45:00 +0000

Type: Metrics
Values Removed: epss {'score': 0.00096}
Values Added: epss {'score': 0.00069}


Fri, 23 May 2025 18:15:00 +0000

Type: First Time appeared
Values Added: Eniture; Eniture ltl Freight Quotes

Type: CPEs
Values Added: cpe:2.3:a:eniture:ltl_freight_quotes:*:*:*:*:unishippers:wordpress:*:*

Type: Vendors & Products
Values Added: Eniture; Eniture ltl Freight Quotes

Tue, 18 Feb 2025 16:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 16 Feb 2025 22:30:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8.

Type: Title
Values Added: WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Broken Access Control vulnerability

Type: Weaknesses
Values Added: CWE-862

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:10:58.996Z

Reserved: 2025-01-03T13:15:52.398Z

Link: CVE-2025-22289

Vulnrichment

Updated: 2025-02-18T16:10:00.462Z

NVD

Status: Modified

Published: 2025-02-16T23:15:09.567

Modified: 2026-04-23T15:22:57.010

Link: CVE-2025-22289

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T16:15:20Z

Weaknesses