The vulnerability arises from deserialization of untrusted data within the Eniture Technology LTL Freight Quotes – TQL Edition WordPress plugin, enabling arbitrary object injection. This flaw can allow an attacker to execute code on the host server with the permissions of the web application, potentially compromising all content, credentials, and system integrity. The weakness is classified as CWE-502, reflecting improper validation of serialized data. The CVSS score of 7.2 indicates a high severity potential for exploitation.

Eniture Technology's LTL Freight Quotes – TQL Edition WordPress plugin affects installations using versions up to and including 1.2.6. No specific lower bound is listed, implying all earlier releases are also vulnerable. The plugin supplies freight quoting functionality to WordPress sites and is widely deployed across commercial and personal websites.

The EPSS score of less than 1% indicates limited observed exploitation, while the high CVSS score and lack of listing in CISA KEV suggest the risk remains significant. Based on the description, it is inferred that an attacker could trigger the vulnerability by submitting crafted serialized data to the plugin, potentially leading to remote code execution. The exact transport mechanism (e.g., through HTTP requests to specific plugin endpoints) is not detailed in the CVE data, so the precise attack surface remains uncertain.