Description
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition ltl-freight-quotes-daylight-edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through <= 2.2.7.
Published: 2025-09-03
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves unsafe deserialization of untrusted data in enituretechnology's LTL Freight Quotes – Daylight Edition plugin. By injecting crafted objects during deserialization, an attacker could potentially execute arbitrary code or otherwise compromise the WordPress site. The weakness is classified as insecure deserialization, a common vector for escalating privileges or running malicious code.

Affected Systems

This issue affects the WordPress plugin LTL Freight Quotes – Daylight Edition from its earliest release up through version 2.2.7. The product is maintained by enituretechnology.

Risk and Exploitability

The CVSS score of 7.2 indicates high severity, but the EPSS score of less than 1% suggests a low probability that this flaw will be actively exploited at present. The CVSS vector (AV:N/AC:L/PR:H/UI:N) describes a low-complexity attack over the network that requires high privileges and no user interaction. The vulnerability is not listed by CISA in the KEV catalog. The attack vector is inferred to involve a crafted serialized payload that the plugin processes without adequate validation, likely via a web request or user input field integrated into the plugin's functionality.

Generated by OpenCVE AI on April 30, 2026 at 02:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LTL Freight Quotes – Daylight Edition to the latest available version that eliminates the unsafe deserialization path
  • If an immediate update is not possible, disable the plugin or restrict access to any interfaces that accept serialized input, and add input validation to reject untrusted data
  • Conduct a broader review of all WordPress plugins for similar deserialization issues, keeping them updated and applying secure coding practices such as strict type checks

Advisories
Source: EUVD
ID: EUVD-2025-26529
Title: Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through 2.2.7.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through 2.2.7.
Values Added: Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition ltl-freight-quotes-daylight-edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through <= 2.2.7.
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Wed, 03 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Enituretechnology
Enituretechnology ltl Freight Quotes
Wordpress
Wordpress wordpress
Vendors & Products Enituretechnology
Enituretechnology ltl Freight Quotes
Wordpress
Wordpress wordpress

Wed, 03 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 14:45:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through 2.2.7.
Title WordPress LTL Freight Quotes – Daylight Edition Plugin <= 2.2.7 - PHP Object Injection Vulnerability
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:39:57.920Z

Reserved: 2025-09-03T09:03:20.489Z

Link: CVE-2025-58643

Vulnrichment

Updated: 2025-09-03T17:18:46.110Z

NVD

Status: Deferred

Published: 2025-09-03T15:15:48.110

Modified: 2026-04-23T15:33:30.847

Link: CVE-2025-58643

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T02:45:16Z

Weaknesses