CVE-2025-58644
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| enituretechnology | ltl_freight_quotes_tql_edition | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a PHP Object Injection issue in the WordPress LTL Freight Quotes - TQL Edition Plugin (versions up to 1.2.6). It allows a malicious actor with administrator privileges to inject objects that can lead to various attacks such as code injection, SQL injection, path traversal, and denial of service, if a suitable PHP Object Injection POP chain is available. [1]
How can this vulnerability impact me? :
If exploited by an attacker with administrator privileges, this vulnerability can lead to severe impacts including unauthorized code execution, database manipulation via SQL injection, unauthorized file system access through path traversal, and denial of service, potentially disrupting the availability and integrity of your system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the WordPress LTL Freight Quotes - TQL Edition plugin version is 1.2.6 or earlier installed on your system. Since exploitation requires administrator privileges and involves PHP Object Injection, monitoring for unusual administrator activity or suspicious PHP object deserialization attempts is recommended. Specific commands are not provided in the resources, but checking the plugin version can be done via WordPress CLI with: wp plugin list | grep 'ltl-freight-quotes-tql-edition'. Additionally, monitoring logs for unusual PHP errors or injection attempts may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the LTL Freight Quotes - TQL Edition plugin to version 1.2.7 or later, where the vulnerability is fixed. If immediate updating is not possible, applying Patchstack's virtual patching (vPatch) solution can auto-mitigate the vulnerability before official patches are applied. It is also advised to restrict administrator privileges and monitor for suspicious activity. Engaging professional incident response if compromise is suspected is recommended. [1]