CVE-2025-58642 HIGH

CVE-2025-58642: WordPress LTL Freight Quotes – Day & Ross Edition Plugin <= 2.1.11 - PHP Object Injection Vulnerability

Vendor Enituretechnology
Product LTL Freight Quotes – Day & Ross Edition
Weakness CWE-502 · Unsafe deserialization
Published September 3, 2025
Last update May 12, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition ltl-freight-quotes-day-ross-edition allows Object Injection.This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through <= 2.1.11.

Explanation of Vulnerability in Simple Terms

02Summary

The LTL Freight Quotes – Day & Ross Edition plugin contains a deserialization vulnerability in versions up to 2.1.11. An authenticated administrator can supply malicious serialized data that the plugin processes without validation, potentially leading to unauthorized data access, modification, or site disruption. This requires administrative privileges to exploit.

What an attacker can do

03Attacker Capabilities

Read sensitive data, modify site content, or disrupt site availability by submitting malicious serialized input.

Potential impact on your site

04Site Impact

An admin account compromise could allow an attacker to read all site data, alter content, or take the site offline.

Conditions required to exploit

05Prerequisites

Attacker must have administrator-level access to the WordPress site.

Key dates

06Disclosure timeline

September 3, 2025 CVE published
May 12, 2026 Record updated