EUVD-2023-12968
Malicious code in bioql PyPI...
WordPress Request a Quote Form plugin code execution vulnerability
WordPress Request a Quote Form plugin is a plugin for collecting and managing quote requests with support for custom forms and centralized processing for quote requests for products, services or custom orders. A code execution vulnerability exists in the WordPress Request a Quote Form plugin that...
CVE-2025-8420
CVE-2025-8420 affects the WordPress plugin “Request a Quote Form”. The vulnerability arises from improper validation of user input used as a function name within the emd_form_builder_lite_pagenum routine, allowing unauthenticated remote code execution on affected servers. Affected versions are re...
CVE-2025-8420 Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution
Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This...
WordPress plugin Request a Quote Form security vulnerability
WordPress Request a Quote Form plugin is a plugin for collecting and managing quote requests with support for custom forms and centralized processing for quote requests for products, services or custom orders. A code execution vulnerability exists in the WordPress Request a Quote Form plugin that...
PT-2025-32081 · WordPress · Request A Quote Form
Name of the Vulnerable Software and Affected Versions: Request a Quote Form plugin for WordPress versions prior to 2.5.3 Description: The Request a Quote Form plugin for WordPress is susceptible to Remote Code Execution due to improper validation of user input before it is used as a function name...
CVE-2023-0983
The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form...
Cross site scripting
The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form...
CVE-2023-0983
CVE-2023-0983 affects the WordPress plugin Stylish Cost Calculator Premium up to version 7.9.0. The vulnerability is an unauthenticated stored Cross-Site Scripting caused by insufficient sanitization/escaping of a parameter when outputting it on the Email Quote Form submission page, potentially e...
CVE-2023-0983 Stylish Cost Calculator Premium < 7.9.0 - Unauthenticated Stored XSS
The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form...
PT-2023-16665 · WordPress · Stylish-Cost-Calculator-Premium
Name of the Vulnerable Software and Affected Versions: stylish-cost-calculator-premium WordPress plugin versions prior to 7.9.0 Description: The issue is related to a Stored Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted ba...
Stylish Cost Calculator Premium < 7.9.0 - Unauthenticated Stored XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form. PoC POST /wp-admin/admin-ajax.php HTTP/2 Host: hosthere...
Request a Quote <= 2.3.7 - CSV Injection
The plugin does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin downloads and opens it. PoC: On a page with a Quote Request form, upload the following CSV as an attachment: "First Name","Last...
Service Update 0.16 for Microsoft Dynamics 365 9.0
Service Update 0.16 for Microsoft Dynamics 365 9.0 INTRODUCTION Service Update 9.0.16 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.16. MORE INFORMATION Update package| Version number ---|---...
datacentermap.com XSS vulnerability
Open Bug Bounty ID: OBB-598329 Description| Value ---|--- Affected Website:| datacentermap.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Joomla JE Quote Form Local File Inclusion
Author : altbta Email : l9athotmailatcom Script : Joomla Component comjequoteform Bug Type : Local File Inclusion LFI Dork : inurl:"index.php?option=comjequoteform" DoWnLoAd : http://joomlaextensions.co.in/free-download/docdownload/11-je-quotation-form.html === Exploit ===...