CVE-2025-22284

CVE-2025-22284 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, affecting the WordPress plugin LTL Freight Quotes – Unishippers Edition (ltl-freight-quotes-unishippers-edition) developed by enituretechnology. This issue impacts all versions of the plugin from n/a through 2.5.8 inclusive. The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility and scope change.

A remote, unauthenticated attacker can exploit this vulnerability by crafting malicious input that is reflected back in web page generation, tricking a user into interacting with it, such as clicking a malicious link. Upon successful exploitation, the attacker can execute arbitrary scripts in the victim's browser context, potentially compromising low levels of confidentiality, integrity, and availability impacts across a changed scope.

The Patchstack advisory provides details on this vulnerability, including assessment for the affected WordPress plugin versions up to 2.5.8, available at https://patchstack.com/database/Wordpress/Plugin/ltl-freight-quotes-unishippers-edition/vulnerability/wordpress-ltl-freight-quotes-unishippers-edition-plugin-2-5-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.