CVE-2024-13481: 
WordPress vulnerability analysis and mitigation

The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress (CVE-2024-13481) contains a SQL Injection vulnerability discovered in February 2025. The vulnerability affects all versions up to and including 3.3.4, allowing unauthenticated attackers to exploit the 'editid' and 'dropshipedit_id' parameters (NVD).

The vulnerability stems from insufficient escaping of user-supplied parameters and inadequate preparation of existing SQL queries. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility, low attack complexity, and no required privileges or user interaction. The vulnerability is classified as CWE-89 (SQL Injection) (NVD, Wordfence).

The vulnerability allows attackers to append additional SQL queries to existing ones, potentially leading to the extraction of sensitive information from the database. The high CVSS score particularly reflects the potential for unauthorized access to confidential data (NVD).

A patch has been released to address this vulnerability. Users are advised to update their LTL Freight Quotes – R+L Carriers Edition plugin to versions after 3.3.4 (WordPress Patch).