What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition ltl-freight-quotes-day-ross-edition allows Object Injection.This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through <= 2.1.11.
Explanation of Vulnerability in Simple Terms
02Summary
The LTL Freight Quotes – Day & Ross Edition plugin contains a deserialization vulnerability in versions up to 2.1.11. An authenticated administrator can supply malicious serialized data that the plugin processes without validation, potentially leading to unauthorized data access, modification, or site disruption. This requires administrative privileges to exploit.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify site content, or disrupt site availability by submitting malicious serialized input.
Potential impact on your site
04Site Impact
An admin account compromise could allow an attacker to read all site data, alter content, or take the site offline.
Conditions required to exploit
05Prerequisites
Attacker must have administrator-level access to the WordPress site.
Key dates
06Disclosure timeline
September 3, 2025
CVE published
May 12, 2026
Record updated