Skip to main content

Ltl Freight Quotes Worldwide Express Edition EUVDEUVD-2026-19592

| CVE-2026-34899 MEDIUM
Missing Authorization (CWE-862)
2026-04-07 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 07, 2026 - 08:45 euvd
EUVD-2026-19592
Analysis Generated
Apr 07, 2026 - 08:45 vuln.today
CVE Published
Apr 07, 2026 - 08:31 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in Eniture technology LTL Freight Quotes - Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes - Worldwide Express Edition: from n/a through 5.2.1.

AnalysisAI

Missing authorization in Eniture Technology LTL Freight Quotes - Worldwide Express Edition plugin (versions through 5.2.1) allows unauthenticated remote attackers to modify data through incorrectly configured access control, affecting WordPress installations. The vulnerability has a CVSS score of 5.3 with no public exploit code confirmed, and affects WordPress plugin deployments where access control security levels are improperly enforced.

Technical ContextAI

This vulnerability stems from CWE-862 (Missing Authorization), a root cause where the application fails to verify that a user has proper authorization before performing sensitive operations. In the context of the LTL Freight Quotes - Worldwide Express Edition WordPress plugin, the access control mechanism that should restrict certain actions (data modification) based on user roles or capabilities is either absent or misconfigured. WordPress plugins typically rely on nonce verification and capability checks to enforce authorization; this plugin's broken access control suggests these protective mechanisms were either omitted or improperly implemented for one or more endpoints. The plugin, identified by CPE cpe:2.3:a:eniture_technology:ltl_freight_quotes_-_worldwide_express_edition:*:*:*:*:*:*:*:*, services logistics and freight quoting functionality, making unauthorized data modification particularly risky in business-critical workflows.

RemediationAI

Users of LTL Freight Quotes - Worldwide Express Edition should immediately update the plugin to a patched version released after 5.2.1; check the Eniture Technology plugin repository or Patchstack advisory for the exact fixed version number. In the interim, restrict access to the plugin's sensitive endpoints via web application firewall rules or WordPress security plugins that enforce capability checks. Review and harden access control configuration within the plugin settings to ensure proper role-based authorization is enforced. For detailed patch availability and version information, consult the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/ltl-freight-quotes-worldwide-express-edition/vulnerability/wordpress-ltl-freight-quotes-worldwide-express-edition-plugin-5-2-1-broken-access-control-vulnerability?_s_id=cve.

Share

EUVD-2026-19592 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy