PT-2025-7514 · WordPress · Ltl Freight Quotes – Globaltranz Edition

Colin Xu · Published 2025-02-20 · Updated 2025-02-25 · CVE-2025-1483

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

LTL Freight Quotes – GlobalTranz Edition plugin for WordPress versions up to, and including, 2.3.12

Description

The issue concerns a missing capability check on the "engtz wd save dropship" AJAX endpoint, allowing unauthenticated attackers to update drop shipping settings. This enables unauthorized modification of data.

Recommendations

For versions up to, and including, 2.3.12, update to a version that includes a fix for the missing capability check on the "engtz wd save dropship" AJAX endpoint. As a temporary workaround, consider restricting access to the "engtz wd save dropship" AJAX endpoint until a patch is available.
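One way to apply the temporary workaround is a small must-use plugin that rejects the AJAX action for any caller lacking an administrative capability. This is an added example, not the vendor's fix or code from the plugin; the action string is a placeholder to be filled in from the plugin's own `add_action( 'wp_ajax_...' )` registration, and the `manage_options` capability and the file location under `wp-content/mu-plugins/` are assumptions.

```php
<?php
/**
 * Plugin Name: Temporary AJAX capability guard (added example)
 * Description: Blocks one AJAX action for callers without the required capability.
 */

// Placeholder: replace with the exact action string the plugin registers.
const GUARDED_AJAX_ACTION = 'REPLACE_WITH_REGISTERED_ACTION_NAME';

// Assumption: only site administrators should change drop shipping settings.
const GUARDED_CAPABILITY = 'manage_options';

/**
 * Runs before the plugin's own handler and stops the request unless the
 * caller is logged in and holds the required capability.
 */
function ajax_guard_require_capability() {
    if ( current_user_can( GUARDED_CAPABILITY ) ) {
        return; // Authorized: let the plugin's handler run as usual.
    }

    // Record the rejected call so it shows up during log review.
    $remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf(
        'ajax-guard: denied action "%s" from %s (user id %d)',
        GUARDED_AJAX_ACTION,
        $remote,
        get_current_user_id()
    ) );

    // Sends a JSON error with HTTP 403 and terminates the request,
    // so the handler hooked at the default priority never executes.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// Priority 0 runs ahead of handlers registered at the default priority 10.
// Both hooks are covered: wp_ajax_nopriv_* fires for unauthenticated callers,
// wp_ajax_* for logged-in users who may still lack the capability.
add_action( 'wp_ajax_' . GUARDED_AJAX_ACTION, 'ajax_guard_require_capability', 0 );
add_action( 'wp_ajax_nopriv_' . GUARDED_AJAX_ACTION, 'ajax_guard_require_capability', 0 );
```

Remove the guard once the plugin is updated to a version that performs the capability check itself.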

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2025-1483

Affected Products

Ltl Freight Quotes – Globaltranz Edition