Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in Eniture technology LTL Freight Quotes - Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes - Worldwide Express Edition: from n/a through 5.2.1.
AnalysisAI
Missing authorization in Eniture Technology LTL Freight Quotes - Worldwide Express Edition plugin (versions through 5.2.1) allows unauthenticated remote attackers to modify data through incorrectly configured access control, affecting WordPress installations. The vulnerability has a CVSS score of 5.3 with no public exploit code confirmed, and affects WordPress plugin deployments where access control security levels are improperly enforced.
Technical ContextAI
This vulnerability stems from CWE-862 (Missing Authorization), a root cause where the application fails to verify that a user has proper authorization before performing sensitive operations. In the context of the LTL Freight Quotes - Worldwide Express Edition WordPress plugin, the access control mechanism that should restrict certain actions (data modification) based on user roles or capabilities is either absent or misconfigured. WordPress plugins typically rely on nonce verification and capability checks to enforce authorization; this plugin's broken access control suggests these protective mechanisms were either omitted or improperly implemented for one or more endpoints. The plugin, identified by CPE cpe:2.3:a:eniture_technology:ltl_freight_quotes_-_worldwide_express_edition:*:*:*:*:*:*:*:*, services logistics and freight quoting functionality, making unauthorized data modification particularly risky in business-critical workflows.
RemediationAI
Users of LTL Freight Quotes - Worldwide Express Edition should immediately update the plugin to a patched version released after 5.2.1; check the Eniture Technology plugin repository or Patchstack advisory for the exact fixed version number. In the interim, restrict access to the plugin's sensitive endpoints via web application firewall rules or WordPress security plugins that enforce capability checks. Review and harden access control configuration within the plugin settings to ensure proper role-based authorization is enforced. For detailed patch availability and version information, consult the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/ltl-freight-quotes-worldwide-express-edition/vulnerability/wordpress-ltl-freight-quotes-worldwide-express-edition-plugin-5-2-1-broken-access-control-vulnerability?_s_id=cve.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19592