What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition ltl-freight-quotes-daylight-edition allows Object Injection.This issue affects LTL Freight Quotes – Daylight Edition: from n/a through <= 2.2.7.
Explanation of Vulnerability in Simple Terms
02Summary
LTL Freight Quotes – Daylight Edition versions 2.2.7 and earlier contain a deserialization vulnerability that allows authenticated administrators to execute arbitrary code on the site. An attacker with admin access can craft malicious serialized data that, when processed by the plugin, runs their own PHP code. This requires high-level privileges but poses a critical risk to site integrity.
What an attacker can do
03Attacker Capabilities
Run arbitrary PHP code on the site with full administrative privileges.
Potential impact on your site
04Site Impact
A compromised admin account can fully control your site, steal data, modify content, or install backdoors.
Conditions required to exploit
05Prerequisites
Attacker must have administrator-level access to the WordPress site.
Key dates
06Disclosure timeline
September 3, 2025
CVE published
May 12, 2026
Record updated