CVE-2025-22291: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in enituretechnology's LTL Freight Quotes – Worldwide Express Edition plugin versions through 5.0.20. The vulnerability was reported by security researcher Kévin Mosbahi (Mika) on November 26, 2024, and was publicly disclosed on February 12, 2025. The issue was assigned CVE-2025-22291 and relates to incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) and has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The vulnerability allows unauthenticated users to perform certain actions that should be restricted to privileged users due to missing authorization checks (Patchstack).

The vulnerability enables arbitrary content deletion capabilities, which could potentially allow attackers to modify or delete content without proper authorization. This is considered highly dangerous and is expected to become mass exploited (Patchstack).

Users are advised to update to version 5.0.21 or later, which contains the fix for this vulnerability. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).