CVE-2024-13479
📋 TL;DR
This SQL injection vulnerability in the LTL Freight Quotes – SEFL Edition WordPress plugin lets unauthenticated attackers append their own SQL to an existing database query through the dropship_edit_id and edit_id request parameters. Every WordPress site running the plugin at version 3.2.4 or earlier is affected. A successful attack can read arbitrary database contents, including user password hashes from wp_users, customer and shipping records, and whatever other plugins keep in wp_options.
💻 Affected Systems
- LTL Freight Quotes – SEFL Edition WordPress plugin
📦 What is this software?
LTL Freight Quotes – SEFL Edition is a WooCommerce shipping extension by Eniture Technology. It retrieves less-than-truckload (LTL) freight rates from Southeastern Freight Lines (SEFL) and offers them as shipping options during checkout, so it runs on public-facing store pages where unauthenticated visitors can reach its request handlers.
⚠️ Risk & Real-World Impact
Worst Case
Full read access to the database, including the password hashes in wp_users and any secrets other plugins store in wp_options. An administrator hash cracked offline (or reused elsewhere) turns the injection into a complete site takeover, since an administrator can install plugins and therefore run arbitrary PHP.
Likely Case
Exfiltration of sensitive rows from the database: user credentials (hashes), customer and shipping data, and the plugin's own configuration records.
If Mitigated
Limited. A WAF or web-server rule that accepts only numeric values for the two parameters blocks the known injection vector, but pattern-based rules can be bypassed (encoding, comment tricks) and are a stopgap until the update is applied.
🎯 Exploit Status
No authentication is required and the vulnerable parameter names are public, so exploitation is straightforward for anyone familiar with SQL injection. Expect automated scanners to probe for it; treat any non-numeric value in these parameters as hostile.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any release later than 3.2.4 (the advisory covers all versions up to and including 3.2.4)
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'LTL Freight Quotes – SEFL Edition'.
4. Click 'Update Now' if available.
5. If no update appears, manually download the latest version from the WordPress plugin repository and replace the plugin files.
🔧 Temporary Workarounds
Input Validation Filter
Add input validation for the dropship_edit_id and edit_id parameters so that only the expected data type is accepted (presumably an integer record id, given the parameter names); reject or cast anything else before it can reach a query.
Temporary Plugin Deactivation
Deactivate the plugin until the patch can be applied if an immediate update is not possible; deactivation removes the vulnerable request handlers entirely, at the cost of SEFL rates disappearing from checkout.
🧯 If You Can't Patch
- Implement Web Application Firewall (WAF) rules to block SQL injection patterns targeting dropship_edit_id and edit_id parameters
- Restrict access to affected plugin endpoints using .htaccess or web server configuration rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for LTL Freight Quotes – SEFL Edition version number
Check Version:
wp plugin list --fields=name,title,version | grep -i sefl (if WP-CLI is installed; the --name filter matches the plugin's directory slug, not its display title, so filtering on the title column is more reliable)
Verify Fix Applied:
Verify plugin version is greater than 3.2.4 in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in WordPress debug logs (error-based probes only; blind or time-based probes leave no such trace, so absence of errors is not evidence of absence)
- Multiple requests to plugin endpoints with SQL injection patterns in parameters
Network Indicators:
- HTTP requests containing SQL keywords (UNION, SELECT, SLEEP, BENCHMARK) or quote/comment characters (', --, /*), in plain or percent-encoded form (%27, %2D%2D), in the dropship_edit_id or edit_id parameters
SIEM Query:
source="access.log" AND ("dropship_edit_id=" OR "edit_id=") AND ("UNION" OR "SELECT" OR "SLEEP(" OR "BENCHMARK(" OR "%27" OR "'" OR "--" OR "%2D%2D" OR "' OR '")
Run this against the web server's access log rather than a WordPress-level log: the parameters travel in the request line and WordPress itself does not record them. Splunk-style term matching is case-insensitive, but a double-encoded payload (%2527) will not match the plain terms, so any request whose value for these parameters is not purely numeric deserves a look regardless of keyword hits.
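The following scanner is an added example, not code from the page or from the plugin's vendor. It implements the detection logic behind the SIEM query above over a handful of constructed access-log lines, and it applies the same check the input-validation workaround relies on: the two parameters are assumed to be integer record ids, so any decoded value that is not a plain digit string is reported, with SQL-injection signatures attached where they fire. Log lines, request paths and payloads are all constructed for the example.

```python
"""Flag SQL-injection probes against the dropship_edit_id / edit_id parameters
(CVE-2024-13479) in common/combined-format access logs. Added example; the log
lines, paths and payloads below are constructed, not captured traffic."""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameters named in the advisory.
WATCHED_PARAMS = ("dropship_edit_id", "edit_id")

# Request line of a common/combined access-log entry: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# (label, regex) pairs evaluated against the fully decoded parameter value.
SQLI_SIGNATURES = [
    ("union_select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("time_based",   re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("tautology",    re.compile(r"\b(or|and)\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I)),
    ("comment",      re.compile(r"--|/\*|#")),
    ("quote",        re.compile(r"['\"]")),
]

# Constructed sample: one benign GET, three probes (time-based, UNION-based,
# double-encoded tautology), one benign multi-parameter GET, and a UNION in an
# unrelated parameter that must NOT be reported.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2025:10:00:00 +0000] "GET /?edit_id=12 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /?edit_id=12%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jan/2025:10:00:02 +0000] "GET /?dropship_edit_id=1%20UNION%20SELECT%20user_login,user_pass%20FROM%20wp_users--%20 HTTP/1.1" 200 9021',
    '198.51.100.7 - - [10/Jan/2025:10:00:03 +0000] "GET /?dropship_edit_id=7&edit_id=8 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jan/2025:10:00:04 +0000] "GET /?edit_id=%2527%2520OR%25201%253D1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2025:10:00:05 +0000] "GET /?s=union+select HTTP/1.1" 200 4410',
]


def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding. parse_qsl already removed
    one layer; double encoding (%2527 -> %27 -> ') is a common WAF-evasion trick."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_expected_id(value):
    """Validation the workaround calls for. Assumption: the parameters carry a
    non-negative integer record id, so anything else is out of contract."""
    return value.isdigit()


def classify_value(value):
    """Return the labels of every signature that fires on a decoded value."""
    return [label for label, rx in SQLI_SIGNATURES if rx.search(value)]


def scan_log(lines):
    """Return one finding per watched parameter whose value is not a plain id.
    A finding with an empty signature list is still anomalous (wrong type)."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        for name, raw in parse_qsl(query, keep_blank_values=True):
            if name not in WATCHED_PARAMS:
                continue  # e.g. a site search for "union select" is out of scope
            value = fully_decode(raw)
            if is_expected_id(value):
                continue
            findings.append({
                "line": lineno,
                "param": name,
                "value": value,
                "signatures": classify_value(value),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['param']}={f['value']!r} -> {f['signatures']}")
```

Two caveats for real use. Access logs only carry the query string, so probes sent in a POST body need the parameters logged at the application or WAF layer. And the signature list is for triage, not for blocking: the type check (`is_expected_id`) is the part worth enforcing at the edge, because an integer-only rule has no bypass, whereas keyword matching does.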