The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to Missing Authorization via the plugin's webhook handler in all versions up to, and including, 3.3.13. This is due to missing authentication, authorization, and nonce verification on a standalone PHP file that directly processes GET parameters and updates WordPress options. This makes it possible for unauthenticated attackers to modify the plugin's subscription plan settings, effectively downgrading the store from a paid plan to the Trial Plan, changing the store type, and manipulating subscription expiration dates, potentially disabling premium features such as Dropship and Hazardous Material handling.
Summary: the LTL Freight Quotes – R+L Carriers Edition plugin for WordPress performs no authentication, capability check, or nonce verification in its webhook handler, a standalone PHP file that is reachable by direct URL, reads GET parameters, and writes them into WordPress options. An unauthenticated attacker can therefore rewrite the plugin's subscription settings: downgrade a paid plan to the Trial Plan, change the store type, and alter the subscription expiration date, which can disable premium features such as Dropship and Hazardous Material handling. All versions up to and including 3.3.13 are affected. Because the handler is a standalone file rather than a registered admin-ajax, REST, or admin-page action, none of the authorization hooks WordPress normally applies to plugin endpoints are involved; the file's own code is the only gate, and it has none.
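The two handlers below are an added illustration, not the plugin's code and not taken from the advisory: the first reproduces the vulnerable pattern the advisory describes (a standalone file that trusts GET parameters and calls update_option()), the second shows one hardened replacement as a REST route whose permission_callback verifies an HMAC over the request body before any option is touched. Every file, option, route, header, and constant name here is a hypothetical placeholder chosen for the example.

```php
<?php
// Added example, not the plugin's code. Names are hypothetical placeholders.

// ---------- Vulnerable pattern (what the advisory describes) ----------
// A standalone file such as wp-content/plugins/<plugin>/hypo-webhook.php that
// bootstraps WordPress only to reach update_option(). Nothing checks who is
// calling: no wp_verify_nonce(), no current_user_can(), no shared secret.
// GET /wp-content/plugins/<plugin>/hypo-webhook.php?plan=trial&expires=2020-01-01
// is enough to rewrite the subscription state.
if (defined('HYPO_SHOW_VULNERABLE_HANDLER')) {
    require_once dirname(__FILE__) . '/../../../wp-load.php';
    if (isset($_GET['plan'])) {
        update_option('hypo_ltl_plan',       sanitize_text_field($_GET['plan']));
        update_option('hypo_ltl_store_type', sanitize_text_field($_GET['store_type'] ?? ''));
        update_option('hypo_ltl_expires',    sanitize_text_field($_GET['expires'] ?? ''));
        echo 'ok';
    }
    exit;
}

// ---------- Hardened pattern (added example) ----------
// Register the webhook as a REST route. WordPress refuses to run the callback
// unless permission_callback returns true, so the authorization check cannot be
// skipped by hitting a file directly. The caller (a vendor service, not a
// logged-in user) proves itself with an HMAC over a timestamp and the raw body,
// keyed with a secret configured in wp-config.php as HYPO_LTL_WEBHOOK_SECRET.
add_action('rest_api_init', function () {
    register_rest_route('hypo-ltl/v1', '/subscription', [
        'methods'             => 'POST',
        'permission_callback' => 'hypo_ltl_verify_webhook_signature',
        'callback'            => 'hypo_ltl_apply_subscription_update',
        'args' => [
            // Validation of the payload, independent of the signature check.
            'plan'       => ['required' => true, 'type' => 'string',
                             'enum' => ['trial', 'standard', 'premium']],
            'store_type' => ['required' => true, 'type' => 'string',
                             'enum' => ['retail', 'dropship']],
            'expires'    => ['required' => true, 'type' => 'string',
                             'pattern' => '^\d{4}-\d{2}-\d{2}$'],
        ],
    ]);
});

function hypo_ltl_verify_webhook_signature(WP_REST_Request $request) {
    $secret = defined('HYPO_LTL_WEBHOOK_SECRET') ? HYPO_LTL_WEBHOOK_SECRET : '';
    if ($secret === '') {
        // Fail closed: an unconfigured secret must not mean "accept everything".
        return new WP_Error('hypo_no_secret', 'Webhook secret not configured', ['status' => 503]);
    }
    $ts  = (int) $request->get_header('x-hypo-timestamp');
    $sig = (string) $request->get_header('x-hypo-signature');
    // Reject stale or future timestamps to limit replay of a captured request.
    if ($ts === 0 || abs(time() - $ts) > 300) {
        return new WP_Error('hypo_stale', 'Timestamp outside acceptance window', ['status' => 401]);
    }
    // Sign timestamp and raw body together so neither can be swapped independently.
    $expected = hash_hmac('sha256', $ts . '.' . $request->get_body(), $secret);
    if (!hash_equals($expected, $sig)) {   // constant-time comparison
        return new WP_Error('hypo_bad_signature', 'Invalid webhook signature', ['status' => 401]);
    }
    return true;
}

function hypo_ltl_apply_subscription_update(WP_REST_Request $request) {
    // Only reached after the signature check and schema validation succeeded.
    update_option('hypo_ltl_plan',       $request->get_param('plan'));
    update_option('hypo_ltl_store_type', $request->get_param('store_type'));
    update_option('hypo_ltl_expires',    $request->get_param('expires'));
    return rest_ensure_response(['updated' => true]);
}
```

A sender computes the same HMAC over "<timestamp>.<raw JSON body>" and puts it in X-Hypo-Signature with the timestamp in X-Hypo-Timestamp. If the endpoint is instead meant to be used only by site administrators rather than a remote service, replace the signature check with `current_user_can('manage_options')` plus a nonce; the important property in either case is that the check runs inside permission_callback, where WordPress enforces it, rather than in a file that can be fetched directly.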
Remediation: update the LTL Freight Quotes – R+L Carriers Edition plugin to version 3.3.14 or later. For plugin authors and anyone reviewing similar code, the fix is to authenticate and authorize every request before it changes state. A webhook is normally called by a remote service, not by a logged-in WordPress user, so "restrict to authenticated users" in practice means verifying a shared secret or an HMAC signature over the request on every call (with a constant-time comparison), and treating a missing or unconfigured secret as a hard failure. Nonce verification belongs on forms and AJAX actions driven by logged-in users; it does not protect an endpoint that is reachable without a session, and a nonce alone is not an authorization check, so pair it with a capability check such as current_user_can(). Expose handlers through WordPress's own mechanisms (REST routes with a permission_callback, admin-post or admin-ajax actions) rather than standalone PHP files that bootstrap WordPress, and deny direct web access to any plugin file that is not meant to be requested by URL. Operationally, monitor changes to the plugin's options (plan, store type, expiration date) and alert on modifications that did not originate from an administrator session or from a correctly signed webhook request.
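The must-use plugin below is an added example of the monitoring and interim containment described in the remediation; it is not part of the LTL Freight Quotes plugin or of the advisory. It logs every change to a monitored option together with the requesting user, IP, and URI, and refuses writes to those options when no administrator is logged in. The option prefix, the HYPO_LTL_WEBHOOK_VERIFIED constant, and the log format are hypothetical placeholders; the real option names must be taken from the installed plugin before this is useful.

```php
<?php
/*
Plugin Name: Hypothetical option-change monitor (added example, not the vendor's code)
Description: Logs and optionally blocks writes to a set of WordPress options.
*/
// Drop into wp-content/mu-plugins/ so it loads before ordinary plugins.
// Hypothetical placeholder: replace with the real option names used by the plugin.
const HYPO_MONITORED_OPTION_PREFIX = 'hypo_ltl_';

function hypo_is_monitored_option($option) {
    return strncmp($option, HYPO_MONITORED_OPTION_PREFIX, strlen(HYPO_MONITORED_OPTION_PREFIX)) === 0;
}

// Who is making this request, and from where. REMOTE_ADDR may be a proxy
// address if the site sits behind a load balancer; adjust for your deployment.
function hypo_request_context() {
    $user = wp_get_current_user();
    return sprintf('user=%s ip=%s method=%s uri=%s',
        ($user && $user->ID) ? $user->user_login : 'anonymous',
        $_SERVER['REMOTE_ADDR']    ?? '-',
        $_SERVER['REQUEST_METHOD'] ?? '-',
        $_SERVER['REQUEST_URI']    ?? '-');
}

// Detection: record old and new value for every change to a monitored option.
// The entry lands in the PHP error log (or wherever error_log is routed), which
// is where a SIEM or log shipper should pick it up.
add_action('updated_option', function ($option, $old_value, $value) {
    if (!hypo_is_monitored_option($option)) {
        return;
    }
    error_log(sprintf('[option-monitor] %s changed %s -> %s (%s)',
        $option, wp_json_encode($old_value), wp_json_encode($value), hypo_request_context()));
}, 10, 3);

// Containment (virtual patch) until the plugin is updated: refuse writes to the
// monitored options unless an administrator is logged in or the request has been
// marked as a verified webhook by the (hypothetical) hardened handler.
// Caveat: if the vendor's service legitimately updates these options, this will
// block those updates too; confirm how the subscription is refreshed before enabling.
add_filter('pre_update_option', function ($value, $option, $old_value) {
    if (!hypo_is_monitored_option($option)) {
        return $value;
    }
    if (current_user_can('manage_options')) {
        return $value;
    }
    if (defined('HYPO_LTL_WEBHOOK_VERIFIED') && HYPO_LTL_WEBHOOK_VERIFIED) {
        return $value;
    }
    error_log(sprintf('[option-monitor] BLOCKED write to %s attempted value %s (%s)',
        $option, wp_json_encode($value), hypo_request_context()));
    // Returning the old value makes update_option() see "no change" and return false,
    // so the database row is left untouched.
    return $old_value;
}, 10, 3);
```

Reviewing the resulting log for "BLOCKED write" entries from anonymous requests against the plugin's options gives a direct signal of exploitation attempts, and the "changed" entries provide the before and after values needed to restore the correct plan if a downgrade did land before the filter was in place.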