CVE-2024-13473
📋 TL;DR
This SQL injection vulnerability in the LTL Freight Quotes WordPress plugin allows unauthenticated attackers to execute arbitrary SQL queries through the 'dropship_edit_id' and 'edit_id' parameters. Attackers can extract sensitive database information including user credentials, plugin data, and potentially WordPress core data. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- LTL Freight Quotes – Worldwide Express Edition WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to credential theft, data exfiltration, privilege escalation, and potential site takeover.
Likely Case
Extraction of sensitive plugin data, user information, and potential credential harvesting for further attacks.
If Mitigated
Limited information disclosure if database permissions are properly restricted and input validation is enforced elsewhere.
🎯 Exploit Status
SQL injection via URL parameters requires minimal technical skill. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 5.0.21 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'LTL Freight Quotes – Worldwide Express Edition'. 4. Click 'Update Now' if available. 5. If no update appears, download version 5.0.21+ from WordPress.org and manually update.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the plugin until patched version is available
wp plugin deactivate ltl-freight-quotes-worldwide-express-edition
Web Application Firewall rule
allBlock requests containing SQL injection patterns targeting the vulnerable parameters
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries at application level
- Restrict database user permissions to minimum required for plugin functionality
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → LTL Freight Quotes plugin version. If version is 5.0.20 or lower, system is vulnerable.Check Version:
wp plugin get ltl-freight-quotes-worldwide-express-edition --field=versionVerify Fix Applied:
Confirm plugin version is 5.0.21 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in WordPress logs
- Multiple requests to plugin endpoints with SQL-like parameters
- Requests containing 'dropship_edit_id' or 'edit_id' with SQL syntax
Network Indicators:
- HTTP requests with SQL injection payloads in URL parameters
- Unusual database query patterns from web server
SIEM Query:
source="wordpress.log" AND ("dropship_edit_id" OR "edit_id") AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE" OR "UPDATE")🔗 References
- https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-worldwide-express-edition/trunk/warehouse-dropship/wild/includes/wwe-ltl-wild-delivery-save.php#L264
- https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-worldwide-express-edition/trunk/warehouse-dropship/wild/includes/wwe-ltl-wild-delivery-save.php#L387
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215844%40ltl-freight-quotes-worldwide-express-edition&new=3215844%40ltl-freight-quotes-worldwide-express-edition&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4e72828e-a6f6-43fc-8a10-d9908004c0fc?source=cve
