CVE-2026-2504

The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple AJAX handlers in all versions up to, and including, 1.0.7. The admin nonce DEALIAADMINNONCE is exposed to all users with editposts capability...

CVE-2026-2718

The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.8. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...

CVE-2026-2718 Dealia <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes

The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.8. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...

CVE-2026-2718 Dealia <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes

The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...

CVE-2026-2718

CVE-2026-2718 — Dealia for WordPress stores cross-site scripting via Gutenberg block attributes in all versions up to 1.0.8. Root cause: escaping in HTML attribute contexts relies on wp_kses() where esc_attr() is required, allowing authenticated attackers with Contributor+ access to inject script...

CVE-2026-2504 Dealia – Request a quote <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset

The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple AJAX handlers in all versions up to, and including, 1.0.7. The admin nonce DEALIAADMINNONCE is exposed to all users with editposts capability...

CVE-2026-2504

CVE-2026-2504 concerns the Dealia – Request a quote plugin for WordPress. Wordfence reports an unauthorised data modification vulnerability caused by missing capability checks on multiple AJAX handlers, with the DEALIA_ADMIN_NONCE exposed to users with edit_posts capability (Contributor+) via wp_...

WordPress Dealia plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability discovered by Ronnachai Sretawat Na Ayutaya Simonhaskelly - Reconix Co., Ltd. in WordPress Plugin Dealia versions = 1.0.6...

WordPress plugin Dealia 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Dealia 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-20642

The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple AJAX handlers in all versions up to, and including, 1.0.6. The admin nonce DEALIA ADMIN NONCE is exposed to all users with edit posts capability...

WordPress Dealia - Request a quote plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset vulnerability

WordPress Dealia - Request a quote plugin = 1.0.6 - Missing Authorization to Authenticated Contributor+ Plugin Configuration Reset vulnerability discovered by Ronnachai Sretawat Na Ayutaya Simonhaskelly - Reconix Co., Ltd. in WordPress Plugin Dealia versions = 1.0.6...