CVE-2024-13480
📋 TL;DR
This SQL injection vulnerability in the LTL Freight Quotes WordPress plugin allows unauthenticated attackers to execute arbitrary SQL queries through the 'edit_id' and 'dropship_edit_id' parameters. Attackers can extract sensitive database information including user credentials, plugin data, and potentially other WordPress data. All WordPress sites using this plugin up to version 3.4.1 are affected.
💻 Affected Systems
- LTL Freight Quotes – For Customers of FedEx Freight WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to credential theft, data exfiltration, privilege escalation, and potential site takeover.
Likely Case
Extraction of sensitive plugin data, user information, and potential access to WordPress database tables.
If Mitigated
Limited information disclosure if database permissions are properly restricted and sensitive data is encrypted.
🎯 Exploit Status
SQL injection via GET/POST parameters requires minimal technical skill to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 3.4.1
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'LTL Freight Quotes – For Customers of FedEx Freight'. 4. Click 'Update Now' if available, or manually update to latest version. 5. Verify plugin is updated to version after 3.4.1.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
WordPressDisable the vulnerable plugin until patched
wp plugin deactivate ltl-freight-quotes-fedex-freight-edition
WAF Rule Implementation
allBlock SQL injection patterns targeting edit_id and dropship_edit_id parameters
🧯 If You Can't Patch
- Disable the plugin immediately
- Implement web application firewall rules to block SQL injection patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → LTL Freight Quotes version. If version is 3.4.1 or lower, you are vulnerable.Check Version:
wp plugin get ltl-freight-quotes-fedex-freight-edition --field=versionVerify Fix Applied:
Verify plugin version is higher than 3.4.1 in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in WordPress logs
- Multiple requests with SQL-like patterns in edit_id/dropship_edit_id parameters
- Unexpected database queries from web server
Network Indicators:
- HTTP requests containing SQL keywords in edit_id/dropship_edit_id parameters
- Unusual traffic patterns to plugin endpoints
SIEM Query:
web.url:*edit_id* AND (web.query:*UNION* OR web.query:*SELECT* OR web.query:*INSERT* OR web.query:*UPDATE* OR web.query:*DELETE*)🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3238359%40ltl-freight-quotes-fedex-freight-edition&new=3238359%40ltl-freight-quotes-fedex-freight-edition&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a9b6f7a3-83eb-4352-9db6-ab4b03241702?source=cve
