Lucene search
K

77 matches found

Patchstack
Patchstack
added 3 days ago5 views

WordPress Request a Quote – Quote Forms for Any WordPress Site plugin <= 2.5.5 - Unauthenticated Code Injection vulnerability

Unauthenticated Code Injection vulnerability discovered by Mitchell in WordPress Plugin Request a Quote versions = 2.5.5...

7.5CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
NVD
NVD
added 3 days ago10 views

CVE-2026-14249

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $POST'path' parameter and invoking it dynamically...

7.5CVSS0.00333EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-14249

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $POST'path' parameter and invoking it dynamically...

7.5CVSS6AI score0.00333EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-14249 Request a Quote Form Plugin <= 2.5.5 - Unauthenticated Code Injection via 'path' Parameter

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $POST'path' parameter and invoking it dynamically...

7.5CVSS0.00333EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-54640

Name of the Vulnerable Software and Affected Versions Request a Quote versions prior to 2.5.6 Description The Request a Quote plugin for WordPress allows unauthenticated attackers to perform code injection. The issue occurs because the emd delete file function derives a PHP function name from the...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/02/18 11:54 p.m.8 views

WordPress Dealia - Request a quote plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset vulnerability

WordPress Dealia - Request a quote plugin = 1.0.6 - Missing Authorization to Authenticated Contributor+ Plugin Configuration Reset vulnerability discovered by Ronnachai Sretawat Na Ayutaya Simonhaskelly - Reconix Co., Ltd. in WordPress Plugin Dealia versions = 1.0.6...

4.3CVSS5.5AI score0.00208EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/22 5:16 p.m.9 views

CVE-2026-24366

Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through = 2.46.0...

5.3CVSS0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:52 p.m.3 views

CVE-2026-24366 WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through = 2.46.0...

5.3CVSS5.4AI score0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.12 views

PT-2026-4258

Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through = 2.46.0...

5.4AI score0.00187EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/09 5:32 p.m.6 views

WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin YITH WooCommerce Request A Quote versions = 2.46.0...

5.3CVSS5.4AI score0.00187EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/17 10:2 a.m.5 views

CVE-2025-64248

Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through = 2.5.3...

4.3CVSS7AI score0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 9:31 a.m.4 views

EUVD-2025-203602

Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through = 2.5.3...

6.5AI score0.00185EPSS
Exploits0References2
NVD
NVD
added 2025/12/16 9:15 a.m.3 views

CVE-2025-64248

Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through = 2.5.3...

4.3CVSS0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 8:12 a.m.32 views

CVE-2025-64248 WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through = 2.5.3...

4.3CVSS0.00185EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 8:12 a.m.4 views

CVE-2025-64248 WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through = 2.5.3...

4.3CVSS6.6AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 8:12 a.m.9 views

CVE-2025-64248

Technical details for CVE-2025-64248 are not provided in the supplied documents; no affected products, root cause, or remediation are disclosed here. Monitor for updates from official advisories.

4.3CVSS6.6AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.21 views

WordPress plugin Request a Quote 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...

4.3CVSS6.5AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.5 views

PT-2025-51396

Name of the Vulnerable Software and Affected Versions emarket-design versions through 2.5.3 Description An authorization issue exists in the Request a Quote functionality of emarket-design. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized...

4.3CVSS6.5AI score0.00185EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11401

Malware in sbrugna...

4.8CVSS5.4AI score0.00622EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-28665

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01048EPSS
Exploits1References3
Rows per page
Query Builder