CVE-2026-3646

MEDIUM 5.3

LTL Freight Quotes – R+L Carriers Edition <= 3.3.13 - Missing Authorization to Unauthenticated Settings Update

CVSS Score

5.3

EPSS Score

0.2%

EPSS Percentile

36th

The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to Missing Authorization via the plugin's webhook handler in all versions up to, and including, 3.3.13. This is due to missing authentication, authorization, and nonce verification on a standalone PHP file that directly processes GET parameters and updates WordPress options. This makes it possible for unauthenticated attackers to modify the plugin's subscription plan settings, effectively downgrading the store from a paid plan to the Trial Plan, changing the store type, and manipulating subscription expiration dates, potentially disabling premium features such as Dropship and Hazardous Material handling.

CWE	CWE-862
Vendor	enituretechnology
Product	ltl freight quotes – r+l carriers edition
Published	Apr 8, 2026
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for enituretechnology ltl freight quotes – r+l carriers edition

Be the first to know when new medium vulnerabilities affecting enituretechnology ltl freight quotes – r+l carriers edition are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

enituretechnology / LTL Freight Quotes – R+L Carriers Edition

0 ≤ 3.3.13

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/a144c9ae-dfdb-4ea2-8c27-84d59439c72a?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/trunk/en-hit-to-update-plan.php#L33 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/tags/3.3.11/en-hit-to-update-plan.php#L33 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/trunk/en-hit-to-update-plan.php#L40 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/tags/3.3.11/en-hit-to-update-plan.php#L40 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/trunk/en-hit-to-update-plan.php#L43 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/tags/3.3.11/en-hit-to-update-plan.php#L43 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/trunk/en-hit-to-update-plan.php#L46 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/tags/3.3.11/en-hit-to-update-plan.php#L46 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/trunk/en-hit-to-update-plan.php#L49 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/tags/3.3.11/en-hit-to-update-plan.php#L49 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/trunk/en-hit-to-update-plan.php#L32 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-rl-edition/tags/3.3.11/en-hit-to-update-plan.php#L32 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3492361%40ltl-freight-quotes-rl-edition&new=3492361%40ltl-freight-quotes-rl-edition&sfp_email=&sfph_mail=

Credits

Phong Nguyen