EUVD-2021-11401

Malware in sbrugna...

WordPress Request a Quote plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Request a Quote versions = 2.5.0...

CVE-2024-6231

The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2021-24420

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table...

WordPress Request a Quote Plugin < 2.3.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software Request a Quote Type Plugin Vulnerable versions 2.3.11 Fixed in 2.3.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bdadec21f189 Credits N/A Required privilege...

CVE-2021-24420

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table...

WordPress Request a Quote plugin <= 2.3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ajay Sandipan Thorbole in WordPress Request a Quote plugin versions = 2.3.0. Solution Update the WordPress Request a Quote plugin to the latest available version at least 2.3.4...