Platform: wordpress
Component: ltl-freight-quotes-worldwide-express-edition
Fixed in: 5.2.2
CVE-2026-34899 affects the LTL Freight Quotes – Worldwide Express Edition plugin for WordPress. This vulnerability allows unauthenticated attackers to perform unauthorized actions due to a missing capability check. Versions up to and including 5.2.1 are impacted, and a patch is available in version 5.2.2.
The flaw is a missing capability check on a specific function in the plugin, which allows unauthenticated attackers to perform actions they should not be able to, leading to unauthorized access. This could result in manipulation of shipping data, alteration of quotes, or even access to sensitive information related to shipments and customers. The CVSS score is 5.3, indicating a moderate risk. Updating the plugin is crucial to mitigate this risk, especially if your website handles confidential shipping or quoting information. The vulnerability exists in all versions up to and including 5.2.1, making the update mandatory.
An unauthenticated attacker could exploit this vulnerability by sending carefully crafted HTTP requests directly to the web server. These requests could leverage the missing capability check to execute the vulnerable function and perform unauthorized actions. The success of exploitation depends on the web server configuration and the presence of other vulnerabilities that might facilitate access to the website. While exploitation requires a certain level of technical knowledge, the relative simplicity of the vulnerability makes it an attractive target for attackers with varying skill levels. The lack of authentication is the key factor enabling exploitation.
EPSS: 0.04% (11th percentile)
The solution for CVE-2026-34899 is straightforward: update the LTL Freight Quotes – Worldwide Express Edition plugin to version 5.2.2 or higher. This update includes the fix by implementing the necessary capability checks. We strongly recommend performing this update as soon as possible to protect your website from potential attacks. Additionally, review user permissions within WordPress to ensure only authorized users have access to the plugin's functions. Monitoring server logs for suspicious activity can also help detect and respond to potential exploitation attempts. The update is the most effective preventative measure.
Update to version 5.2.2, or a newer patched version
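To confirm from the filesystem whether a site still runs an affected release, the following added example (not code from the plugin or its vendor) reads the plugin's `Version` header the way WordPress does and compares it with 5.2.2. It assumes the default `wp-content/plugins/<slug>` layout; the sample tree and its file name `sample-main.php` are constructed for the demonstration.

```python
import re
import sys
import tempfile
from pathlib import Path

SLUG = "ltl-freight-quotes-worldwide-express-edition"  # plugin slug given in this advisory
FIXED = "5.2.2"                                        # first patched version per this advisory
# WordPress reads plugin headers from the first 8 KiB of each top-level PHP file.
HEADER = re.compile(rb"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*\r?$", re.M | re.I)

def version_key(version):
    """'5.2.1' -> (5, 2, 1); a part without leading digits counts as 0."""
    return tuple(int(re.match(r"\d*", p).group() or 0) for p in version.strip().split("."))

def installed_version(wp_root):
    """Return the plugin's Version header, or None when the plugin is absent."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        with php.open("rb") as fh:
            head = fh.read(8192)
        fields = {k.decode().lower(): v.decode(errors="replace") for k, v in HEADER.findall(head)}
        if "plugin name" in fields and "version" in fields:
            return fields["version"]
    return None

def status(wp_root):
    """Classify one WordPress root as 'not installed', 'vulnerable' or 'patched'."""
    version = installed_version(wp_root)
    if version is None:
        return "not installed"
    return "vulnerable" if version_key(version) < version_key(FIXED) else "patched"

def sample_site(version):
    """Build a constructed WordPress tree (sample data; file name is hypothetical)."""
    root = Path(tempfile.mkdtemp())
    plugin_dir = root / "wp-content" / "plugins" / SLUG
    plugin_dir.mkdir(parents=True)
    header = f"<?php\n/**\n * Plugin Name: Sample header (constructed)\n * Version: {version}\n */\n"
    (plugin_dir / "sample-main.php").write_text(header)
    return root

if __name__ == "__main__":
    roots = sys.argv[1:] or [sample_site("5.2.1"), sample_site("5.2.2")]
    for root in roots:
        print(f"{root}: {SLUG} {installed_version(root)} -> {status(root)}")
```

Pass one or more WordPress root directories as arguments to check real installations; with no arguments it runs against the two constructed sample trees.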
It's a unique identifier for this security vulnerability.
If immediate updating isn’t possible, consider restricting access to the plugin and monitoring server logs.
Yes, all versions of the plugin up to and including 5.2.1 are vulnerable.
In the WordPress admin dashboard, go to the plugins section and check the installed version.
The update is available in the WordPress plugin repository or on the developer’s website.