CVE-2025-58643
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| enituretechnology | ltl_freight_quotes_daylight_edition | * |
| wordpress | ltl_freight_quotes_daylight_edition_plugin | 2.2.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58643 is a PHP Object Injection vulnerability in the WordPress LTL Freight Quotes – Daylight Edition plugin (versions up to 2.2.7). It allows an attacker with administrator-level privileges to exploit a suitable PHP Object Injection Property Oriented Programming (POP) chain to potentially execute arbitrary code, perform SQL injection, path traversal, denial of service, and other attacks. The vulnerability arises from deserialization of untrusted data. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can lead to severe impacts including arbitrary code execution, SQL injection, path traversal, and denial of service on the affected system. However, exploitation requires administrator-level access, which limits the attack surface. The overall severity is considered low, but successful exploitation could compromise confidentiality, integrity, and availability of the system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying whether version 2.2.7 or earlier of the WordPress LTL Freight Quotes – Daylight Edition plugin is installed on your system. Since exploitation requires administrator privileges, monitoring for unusual administrator activity or unexpected PHP object injection attempts may help. However, no specific detection commands are provided. It is also recommended not to rely solely on plugin-based malware scanners, as malware can tamper with them. [1]
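The version check described above can be scripted. The following is an added example, not taken from the advisory or the plugin vendor: it reads the `Version:` header of each plugin main file in a directory and compares it with the fixed release the page names (2.2.8). It assumes a `sort` that supports `-V`; the function names and the `<plugin-folder>` path are placeholders, and the sample header is constructed.

```shell
#!/bin/sh
# Added example: flag plugin copies older than the fixed release named on the page.
FIXED_VERSION="2.2.8"

# Print the "Version:" header value from a WordPress plugin main file.
plugin_version() {
    sed -n 's/^[[:space:]*#@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$1" | head -n 1
}

# Succeed (return 0) only when version $1 sorts strictly before FIXED_VERSION.
is_affected() {
    [ "$1" != "$FIXED_VERSION" ] || return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# For each plugin main file in directory $1, print: file, version, status.
scan_plugin_dir() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        grep -q 'Plugin Name:' "$f" || continue
        v=$(plugin_version "$f")
        if [ -z "$v" ]; then status="UNKNOWN"
        elif is_affected "$v"; then status="AFFECTED"
        else status="fixed"
        fi
        printf '%s\t%s\t%s\n' "$f" "${v:-?}" "$status"
    done
}

# Write a constructed plugin header (sample data, not the real plugin file).
write_sample() {
    cat > "$1" <<EOF
<?php
/**
 * Plugin Name: Sample Freight Plugin (constructed)
 * Version: $2
 */
EOF
}

# Usage: sh check.sh /path/to/wp-content/plugins/<plugin-folder>
# <plugin-folder> is a placeholder; the page does not give the directory name.
if [ "$#" -gt 0 ]; then
    scan_plugin_dir "$1"
fi
```

A status of `UNKNOWN` means the file has a `Plugin Name:` header but no parseable version, which is worth checking by hand.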
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the LTL Freight Quotes – Daylight Edition plugin to version 2.2.8 or later, where the vulnerability is fixed. Alternatively, Patchstack offers a virtual patching (vPatch) solution that can auto-mitigate the vulnerability before official patches are applied. Additionally, general security best practices include using professional incident response services if compromise is suspected and avoiding reliance on plugin-based malware scanners. [1]