CVE-2024-13485
📋 TL;DR
This SQL injection vulnerability in the LTL Freight Quotes WordPress plugin allows unauthenticated attackers to inject malicious SQL queries through the 'edit_id' and 'dropship_edit_id' parameters. Attackers can extract sensitive information from the database, including user credentials, plugin settings, and potentially other WordPress data. All WordPress sites using this plugin up to version 3.3.7 are affected.
💻 Affected Systems
- LTL Freight Quotes – ABF Freight Edition WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to credential theft, data exfiltration, privilege escalation, and potential site takeover.
Likely Case
Extraction of sensitive plugin data, user information, and potentially WordPress admin credentials.
If Mitigated
Limited information disclosure if database permissions are properly restricted and sensitive data is encrypted.
🎯 Exploit Status
Unauthenticated exploitation via HTTP requests to vulnerable endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.3.8 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'LTL Freight Quotes – ABF Freight Edition'.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 3.3.8+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Web Application Firewall (WAF)
Deploy WAF rules to block SQL injection patterns targeting the vulnerable parameters.
Parameter Input Validation
Implement input validation to restrict the 'edit_id' and 'dropship_edit_id' parameters to their expected formats.
🧯 If You Can't Patch
- Disable or remove the LTL Freight Quotes plugin immediately.
- Implement strict network segmentation and access controls to limit exposure of vulnerable systems.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for the LTL Freight Quotes plugin version. If the version is 3.3.7 or lower, the site is vulnerable.
Check Version:
wp plugin list --name='ltl-freight-quotes-abf-freight-edition' --field=version (WP-CLI)
Verify Fix Applied:
Confirm plugin version is 3.3.8 or higher in WordPress admin panel.
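The version check above is easy to get wrong when scripted, because a plain string comparison ranks "3.3.10" below "3.3.8". The following script is an added example (not part of this advisory or of the plugin) that compares versions component by component against the 3.3.8 fix release; the plugin slug is taken from the changeset URL in the References, and WP-CLI is assumed to be installed on the host.

```python
"""Added example: decide whether an installed LTL Freight Quotes version is in
the affected range (3.3.7 and lower) or carries the fix (3.3.8 and later).
Not part of the advisory or the plugin. The slug comes from the advisory's
changeset URL; the WP-CLI call assumes 'wp' is available on the host."""
import re
import subprocess
from typing import Optional, Tuple

PLUGIN_SLUG = "ltl-freight-quotes-abf-freight-edition"  # slug from the advisory's reference URL
FIXED_VERSION = "3.3.8"                                  # first patched release per the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.3.7' (or '3.3.10', '3.3.8-beta1') into a tuple of ints so that
    comparison is numeric per component, not lexical: '3.3.10' must sort
    after '3.3.8', which plain string comparison gets wrong."""
    parts = []
    for component in version.strip().split("."):
        match = re.match(r"\d+", component)
        if not match:
            break  # stop at a fully non-numeric component such as 'beta1'
        parts.append(int(match.group()))
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version predates the fix.
    Missing trailing components count as zero, so '3.3' equals '3.3.0'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def installed_version(slug: str = PLUGIN_SLUG) -> Optional[str]:
    """Read the installed version via WP-CLI (assumed present on the host).
    Returns None when the plugin is not installed or WP-CLI is unavailable."""
    try:
        result = subprocess.run(
            ["wp", "plugin", "list", f"--name={slug}", "--field=version"],
            capture_output=True, text=True, check=True, timeout=60,
        )
    except (OSError, subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    version = result.stdout.strip()
    return version or None


if __name__ == "__main__":
    current = installed_version()
    if current is None:
        print("plugin not found or WP-CLI unavailable")
    elif is_vulnerable(current):
        print(f"VULNERABLE: {PLUGIN_SLUG} {current} predates {FIXED_VERSION}, update now")
    else:
        print(f"OK: {PLUGIN_SLUG} {current} includes the fix")
```

Run it from the WordPress root (where WP-CLI resolves the site), or call is_vulnerable() directly with a version string read from the admin panel.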
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in WordPress logs
- HTTP requests containing SQL injection patterns in 'edit_id' or 'dropship_edit_id' parameters
- Multiple failed database queries from single IP
Network Indicators:
- HTTP POST/GET requests with SQL keywords in parameters
- Unusual traffic patterns to plugin-specific endpoints
SIEM Query:
source="wordpress.log" AND ("edit_id" OR "dropship_edit_id") AND ("UNION" OR "SELECT" OR "INSERT" OR "UPDATE" OR "DELETE" OR "DROP" OR "OR 1=1")
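The log and SIEM indicators above can be applied directly to web-server access logs. The script below is an added example, not part of this advisory or of the plugin: it parses combined-format access-log lines, percent-decodes the query string, and flags any 'edit_id' or 'dropship_edit_id' value that is not the plain numeric id the plugin expects or that contains the SQL keywords listed in the SIEM query, then counts findings per client IP. The sample log lines are constructed, and the request path in them is a placeholder because the advisory does not name the vulnerable endpoint.

```python
"""Added example: flag access-log requests whose 'edit_id' or
'dropship_edit_id' parameter does not look like a plain numeric id.
Not code from the advisory or the plugin; sample lines are constructed and
/plugin-endpoint/ is a placeholder for the real (unnamed) endpoint."""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

WATCHED_PARAMS = ("edit_id", "dropship_edit_id")

# Keywords from the advisory's SIEM query plus a few common injection markers.
SQL_PATTERN = re.compile(
    r"\b(UNION|SELECT|INSERT|UPDATE|DELETE|DROP|SLEEP|BENCHMARK)\b"
    r"|OR\s+1\s*=\s*1|--|/\*|'",
    re.IGNORECASE,
)

# Combined log format: client ip, ident, user, [time], "METHOD target HTTP/x.y", status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (not real traffic); the path is a placeholder.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2025:12:00:01 +0000] "GET /plugin-endpoint/?edit_id=42 HTTP/1.1" 200 512
203.0.113.10 - - [10/Jan/2025:12:00:02 +0000] "GET /plugin-endpoint/?edit_id=42%20UNION%20SELECT%201 HTTP/1.1" 500 0
203.0.113.10 - - [10/Jan/2025:12:00:03 +0000] "GET /plugin-endpoint/?dropship_edit_id=1%27%20OR%201%3D1 HTTP/1.1" 200 9001
198.51.100.7 - - [10/Jan/2025:12:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 300
198.51.100.7 - - [10/Jan/2025:12:00:05 +0000] "POST /plugin-endpoint/ HTTP/1.1" 200 300
"""


def scan(log_text: str) -> List[Dict]:
    """Return one finding per suspicious watched-parameter value.
    Only query-string parameters are visible in an access log; values sent in
    a POST body need the WAF or application log instead."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line; a production pipeline would count these
        query = urlsplit(m.group("target")).query
        params = parse_qs(query, keep_blank_values=True)  # percent-decodes values
        for name in WATCHED_PARAMS:
            for value in params.get(name, []):
                reasons = []
                if not re.fullmatch(r"\d+", value):
                    reasons.append("non-numeric id")      # allowlist check (expected format)
                if SQL_PATTERN.search(value):
                    reasons.append("sql pattern")         # blocklist check (SIEM keywords)
                if reasons:
                    findings.append({
                        "ip": m.group("ip"), "param": name, "value": value,
                        "status": m.group("status"), "reasons": reasons,
                    })
    return findings


def findings_by_ip(findings: List[Dict]) -> Counter:
    """Count findings per client IP to surface repeated probing from one source."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['ip']} {hit['param']}={hit['value']!r} status={hit['status']} {hit['reasons']}")
    print("per-IP:", dict(findings_by_ip(hits)))
```

The allowlist check (is the id purely numeric?) is the more reliable of the two signals, since it catches encodings and keyword variants the blocklist misses; the keyword match is kept so the output lines up with the SIEM query above.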
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242640%40ltl-freight-quotes-abf-freight-edition&new=3242640%40ltl-freight-quotes-abf-freight-edition&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9fbb4f9a-4c68-4ddb-8e49-9629114b11ec?source=cve