Description
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition ltl-freight-quotes-day-ross-edition allows Object Injection. This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through <= 2.1.11.
Published: 2025-09-03
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a PHP Object Injection flaw caused by deserialization of untrusted input in the LTL Freight Quotes – Day & Ross Edition plugin. Crafting a malicious payload allows an attacker to instantiate arbitrary PHP objects, potentially executing code on the server. The weakness is classified as CWE‑502, indicating unsafe deserialization.

Affected Systems

The affected product is the LTL Freight Quotes – Day & Ross Edition plugin by Eniture Technology. Every version up to and including 2.1.11 is vulnerable; the advisory gives no lower bound (n/a), so all installations at or below 2.1.11 are impacted.

Risk and Exploitability

The CVSS 3.1 score of 7.2 (vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) reflects high impact on confidentiality, integrity and availability; the attack is network-reachable with low complexity but requires high privileges. The EPSS score of less than 1% suggests that exploitation attempts are currently rare. This vulnerability is not listed in the CISA KEV catalog. Based on the description, the plugin operates within a WordPress site, and the most likely attack vector would involve sending crafted data to the plugin’s deserialization endpoint, typically via an HTTP request to an administrative URL. An attacker who already holds such privileged access could then trigger object injection to gain arbitrary code execution on the site.

Generated by OpenCVE AI on April 30, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LTL Freight Quotes – Day & Ross Edition to a version newer than 2.1.11.
  • If immediate upgrade is not feasible, employ a Web Application Firewall rule to block or rate‑limit requests to the plugin’s deserialization endpoint and restrict access to administrative URLs via IP whitelisting or authentication.
  • Continuously monitor the plugin’s API endpoints for anomalous requests and audit the site for signs of exploitation.

Advisories
Source: EUVD
ID: EUVD-2025-26530
Title: Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition allows Object Injection. This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through 2.1.11.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Removed: Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition allows Object Injection. This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through 2.1.11.
Added: Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition ltl-freight-quotes-day-ross-edition allows Object Injection. This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through <= 2.1.11.
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Wed, 03 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Enituretechnology
Enituretechnology ltl Freight Quotes
Wordpress
Wordpress wordpress
Vendors & Products Enituretechnology
Enituretechnology ltl Freight Quotes
Wordpress
Wordpress wordpress

Wed, 03 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 14:45:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition allows Object Injection. This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through 2.1.11.
Title WordPress LTL Freight Quotes – Day & Ross Edition Plugin <= 2.1.11 - PHP Object Injection Vulnerability
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:38:36.687Z

Reserved: 2025-09-03T09:03:20.489Z

Link: CVE-2025-58642

Vulnrichment

Updated: 2025-09-03T17:19:00.651Z

NVD

Status: Deferred

Published: 2025-09-03T15:15:47.920

Modified: 2026-04-23T15:33:30.730

Link: CVE-2025-58642

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T15:30:16Z

Weaknesses