CVE-2024-13489

7.5 HIGH

📋 TL;DR

This SQL injection vulnerability in the LTL Freight Quotes WordPress plugin allows unauthenticated attackers to inject malicious SQL queries through specific parameters. Attackers can extract sensitive database information including user credentials, configuration data, and other private information. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • LTL Freight Quotes – Old Dominion Edition WordPress Plugin
Versions: All versions up to and including 4.2.10
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with vulnerable plugin versions are affected regardless of WordPress configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to credential theft, data exfiltration, privilege escalation, and potential website takeover.

🟠 Likely Case

Extraction of sensitive data including user information, plugin configurations, and potentially WordPress credentials.

🟢 If Mitigated

Limited information disclosure if database permissions are properly restricted and input validation is implemented elsewhere.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation via web requests makes all vulnerable sites immediately accessible to attackers.
🏢 Internal Only: MEDIUM - Internal systems could still be vulnerable if accessed via internal networks, though attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unauthenticated exploitation via HTTP requests to vulnerable endpoints with SQL injection payloads in edit_id and dropship_edit_id parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: any release later than 4.2.10

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242160%40ltl-freight-quotes-odfl-edition&new=3242160%40ltl-freight-quotes-odfl-edition&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'LTL Freight Quotes – Old Dominion Edition'.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and remove the plugin immediately.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Implement WAF rules to block SQL injection patterns in edit_id and dropship_edit_id parameters

Parameter Input Validation

all

Add server-side validation to restrict edit_id and dropship_edit_id parameters to expected formats
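The parameter-validation workaround above can be applied without editing the plugin itself by dropping a must-use plugin into wp-content/mu-plugins/, which WordPress loads before any regular plugin. The file below is an added example written for this advisory; it is not code from the LTL Freight Quotes plugin or its vendor. It assumes that edit_id and dropship_edit_id are meant to carry plain positive integer IDs (the page does not state the expected format), and the function and constant names are illustrative. It rejects any request in which either parameter is present but not a bare integer, logs the rejection, and stops processing before the plugin's own handlers run.

```php
<?php
/**
 * Plugin Name: Freight Quote Parameter Guard (illustrative mu-plugin)
 *
 * Added example for this advisory, not code from the LTL Freight Quotes plugin.
 * Place in wp-content/mu-plugins/ so it loads before regular plugins.
 * Assumption: edit_id and dropship_edit_id are expected to be positive integer IDs.
 */

// Request parameters the advisory names as the injection points.
const LTLFQ_GUARDED_PARAMS = ['edit_id', 'dropship_edit_id'];

/**
 * True only for a plain positive integer such as "42". Anything else,
 * including "", "0", arrays, or "42 OR 1=1", is rejected.
 * \z rather than $ so a trailing newline cannot slip past the check.
 */
function ltlfq_is_valid_id($value): bool {
    if (!is_string($value)) {
        return false; // nested/array values are never a valid ID
    }
    return preg_match('/^[1-9][0-9]{0,18}\z/', $value) === 1;
}

/**
 * Checks every guarded parameter present in the request.
 * Returns the name of the first offending parameter, or null when clean.
 */
function ltlfq_find_bad_param(array $request): ?string {
    foreach (LTLFQ_GUARDED_PARAMS as $name) {
        if (array_key_exists($name, $request) && !ltlfq_is_valid_id($request[$name])) {
            return $name;
        }
    }
    return null;
}

// muplugins_loaded fires after all mu-plugins load and before any regular
// plugin file is included, so the vulnerable code never sees a bad value.
add_action('muplugins_loaded', function () {
    $bad = ltlfq_find_bad_param(array_merge($_GET, $_POST));
    if ($bad === null) {
        return;
    }
    // Leave a trail for the detection queries; destination follows WP_DEBUG_LOG.
    error_log(sprintf(
        'ltlfq-guard: rejected request with malformed %s from %s',
        $bad,
        $_SERVER['REMOTE_ADDR'] ?? 'unknown'
    ));
    wp_die('Invalid request parameter.', 'Bad Request', ['response' => 400]);
});
```

Because it lives in mu-plugins/, this guard cannot be deactivated from the admin screen; remove the file to disable it. It is a stopgap only: it narrows the input the plugin receives but does not fix the unsafe query inside the plugin, so updating or removing the plugin remains the actual fix.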

🧯 If You Can't Patch

  • Immediately deactivate and remove the vulnerable plugin from all WordPress installations
  • Implement strict network access controls to limit access to affected WordPress instances

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for 'LTL Freight Quotes – Old Dominion Edition' version 4.2.10 or earlier

Check Version:

wp plugin list --name='ltl-freight-quotes-odfl-edition' --field=version (if WP-CLI installed)

Verify Fix Applied:

Verify plugin version is higher than 4.2.10 in WordPress admin panel, or confirm plugin is completely removed

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in WordPress logs
  • HTTP requests containing SQL keywords in edit_id or dropship_edit_id parameters
  • Multiple failed query attempts from single IPs

Network Indicators:

  • HTTP POST/GET requests with SQL injection payloads
  • Unusual database query patterns from web server

SIEM Query:

source="wordpress.log" AND ("edit_id" OR "dropship_edit_id") AND ("UNION" OR "SELECT" OR "INSERT" OR "UPDATE" OR "DELETE" OR "DROP" OR "OR 1=1")
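The SIEM query above matches SQL keywords literally in the raw log line, so a request whose payload is percent-encoded (for example "%55NION" for "UNION") passes it untouched. The script below, an added example written for this advisory rather than tooling from the plugin or vendor, applies the same keyword list to web-server access logs after parsing and decoding the query string, and counts hits per client IP to surface the "multiple attempts from a single IP" indicator. The log lines are constructed samples, not real traffic, and the function names are illustrative.

```php
<?php
// Added example for this advisory (not plugin or vendor code): checks access
// log lines for the indicators listed above, after URL-decoding the query.

const LTLFQ_WATCHED_PARAMS = ['edit_id', 'dropship_edit_id'];
// Same keyword list as the SIEM query; matched as whole words, case-insensitively.
const LTLFQ_SQL_KEYWORDS = ['UNION', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'OR 1=1'];

/**
 * Parses one combined-format access log line into ip/method/uri, or null
 * when the line does not look like an access log entry.
 */
function ltlfq_parse_log_line(string $line): ?array {
    // 203.0.113.9 - - [date] "GET /path?x=y HTTP/1.1" 200 123 "ref" "ua"
    if (!preg_match('/^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*"/', $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'method' => $m[2], 'uri' => $m[3]];
}

/**
 * Returns [param => decoded value] for each watched parameter whose decoded
 * value contains an SQL keyword. parse_str() splits on '&' and percent-decodes,
 * which is what the literal SIEM match lacks.
 */
function ltlfq_suspicious_params(string $uri): array {
    $query = parse_url($uri, PHP_URL_QUERY);
    if (!is_string($query)) {
        return [];
    }
    parse_str($query, $params);
    $hits = [];
    foreach (LTLFQ_WATCHED_PARAMS as $name) {
        if (!isset($params[$name]) || !is_string($params[$name])) {
            continue;
        }
        foreach (LTLFQ_SQL_KEYWORDS as $kw) {
            if (preg_match('/\b' . preg_quote($kw, '/') . '\b/i', $params[$name])) {
                $hits[$name] = $params[$name];
                break;
            }
        }
    }
    return $hits;
}

/**
 * Scans many lines, prints each flagged request, and returns a per-IP count
 * of flagged requests so repeat sources stand out.
 */
function ltlfq_scan(array $lines): array {
    $byIp = [];
    foreach ($lines as $line) {
        $req = ltlfq_parse_log_line($line);
        if ($req === null) {
            continue;
        }
        $hits = ltlfq_suspicious_params($req['uri']);
        if ($hits === []) {
            continue;
        }
        $byIp[$req['ip']] = ($byIp[$req['ip']] ?? 0) + 1;
        printf("%s %s %s -> %s\n", $req['ip'], $req['method'], $req['uri'], json_encode($hits));
    }
    return $byIp;
}

// Constructed sample lines (not real traffic). Only the second and third are
// flagged; the third is percent-encoded, so a raw-line keyword search misses it.
$sample = [
    '203.0.113.9 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-admin/admin.php?page=quotes&edit_id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2025:10:00:02 +0000] "GET /wp-admin/admin.php?page=quotes&edit_id=42+OR+1%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2025:10:00:03 +0000] "GET /wp-admin/admin.php?page=quotes&dropship_edit_id=1%20%55NION%20%53ELECT%201 HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2025:10:00:04 +0000] "GET /?dropship_edit_id=7 HTTP/1.1" 200 2048 "-" "curl/8.0"',
];
var_export(ltlfq_scan($sample));
```

Run it with `php scan.php` against exported log lines, or feed real lines in with `file('access.log')`. Because the watched parameters should only ever carry IDs, a keyword hit in them is a strong signal with few benign explanations; POST bodies are not in access logs, so pair this with the WordPress-side logging from the mitigation section or a WAF log for POST traffic.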

🔗 References