CVE-2025-1483

Description

The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to update the drop shipping settings.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/0906e9b0-5093-4ddd-8868-8fcaad8e3a5b?source=cve

https://plugins.trac.wordpress.org/changeset/3243002/

مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

نوشته های مشابه

Multiple vulnerabilities in BizRobo!

TP-Link Deco BE65 Pro vulnerable to OS command injection

spider orange

Next.js Middleware 15.2.2 – Authorization Bypass

spider orange

IBM Security Verify Access 10.0.0 – Open Redirect during OAuth Flow