CVE-2025-5303 HIGH

CVE-2025-5303: LTL Freight Quotes – Freightview Edition <= 1.0.11, LTL Freight Quotes – Daylight Edition <=2.2.6 and LTL Freight Quotes – Day & Ross Edition <= 2.1.10 - Unauthenticated Stored Cross-Site Scripting via `expiry_date` Parameter

Vendor Enituretechnology
Product LTL Freight Quotes – Freightview Edition
Weakness CWE-79 · XSS
Published June 7, 2025
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL Freight Quotes – Day & Ross Edition plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the expiry_date parameter in all versions up to, and including, 1.0.11, 2.2.6 and 2.1.10 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Key dates

02Disclosure timeline

June 7, 2025 CVE published
April 8, 2026 Record updated