4 matches found
CVE-2026-14249
The CVE refers to the WordPress plugin “Request a Quote” (versions up to and including 2.5.5). The vulnerability is a Code Injection via the emd_delete_file AJAX action. The handler derives a PHP function name from attacker-controlled $_POST['path'] and invokes it dynamically through a variable-f...
WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Request a Quote versions <= 2.5.3...
CVE-2022-2239
The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
PT-2021-16012 · WordPress +1 · Request A Quote +1
Name of the Vulnerable Software and Affected Versions: Request a Quote WordPress plugin versions prior to 2.3.9 Description: The issue is related to authenticated Stored Cross-Site Scripting, which occurs due to the lack of sanitization, validation, or escaping of some settings in the admin...