CVE-2026-8884

The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-8884 Instant-Quote.co Quotation Page <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin Instant-Quote.co Quotation Page 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-2504

CVE-2026-2504 concerns the Dealia – Request a quote plugin for WordPress. Wordfence reports an unauthorised data modification vulnerability caused by missing capability checks on multiple AJAX handlers, with the DEALIA_ADMIN_NONCE exposed to users with edit_posts capability (Contributor+) via wp_...

PT-2026-20795

The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of wp kses for output escaping within HTML attribute contexts where esc attr is required. This makes it...

CVE-2026-24366

CVE-2026-24366 : Missing Authorization in the WordPress plugin “YITH Request a Quote for WooCommerce” (YITH WooCommerce Request A Quote) due to incorrectly configured access control. Affected versions: from n/a through 2.46.0. Public sources (NVD, Red Hat, CIRCL, CVE List) describe it as a Broken...

CVE-2026-24366

Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through = 2.46.0...

WordPress plugin YITH WooCommerce Request A Quote has a security vulnerability.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Request a Quote versions = 2.5.3...

WordPress Simple Pull Quote plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Pull Quote versions = 1.6.3...

EUVD-2021-11401

Malware in sbrugna...

WordPress Request a Quote plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Request a Quote versions = 2.5.0...

CVE-2024-6231

The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2021-24420

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table...

WordPress Request a Quote Plugin < 2.3.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software Request a Quote Type Plugin Vulnerable versions 2.3.11 Fixed in 2.3.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bdadec21f189 Credits N/A Required privilege...

CVE-2022-2239

The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

WordPress Quote for WooCommerce Lite – Request a Product Quote Plugin plugin <= 1.4.8 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Quote for WooCommerce Lite – Request a Product Quote Plugin plugin versions = 1.4.8. Solution Update the WordPress Quote for WooCommerce Lite – Request a Product Quote Plugin plugin to the latest available version at least 1.4...

CVE-2021-3727

Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...

ohmyzsh 操作系统命令注入漏洞

ohmyzsh is an open source, community-driven framework for managing your zsh configuration. ohmyzsh suffers from an operating system command injection vulnerability that can be exploited by an attacker to trigger command injection via the rand-quote and hitokoto plugins...

CVE-2021-24420

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table...