86 matches found
EUVD-2022-34518
Malicious code in bioql PyPI...
WordPress Request a Quote plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Request a Quote versions = 2.5.0...
WordPress Request a Quote Form plugin code execution vulnerability
WordPress Request a Quote Form plugin is a plugin for collecting and managing quote requests with support for custom forms and centralized processing for quote requests for products, services or custom orders. A code execution vulnerability exists in the WordPress Request a Quote Form plugin that...
CVE-2025-8420 Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution
Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emdformbuilderlitepagenum function. This is due to the plugin not properly validating user input before using it as a function name. This...
CVE-2025-8420
CVE-2025-8420 affects the WordPress plugin “Request a Quote Form”. The vulnerability arises from improper validation of user input used as a function name within the emd_form_builder_lite_pagenum routine, allowing unauthenticated remote code execution on affected servers. Affected versions are re...
PT-2025-32081 · WordPress · Request A Quote Form
Name of the Vulnerable Software and Affected Versions: Request a Quote Form plugin for WordPress versions prior to 2.5.3 Description: The Request a Quote Form plugin for WordPress is susceptible to Remote Code Execution due to improper validation of user input before it is used as a function name...
WordPress plugin Request a Quote Form 安全漏洞
WordPress Request a Quote Form plugin is a plugin for collecting and managing quote requests with support for custom forms and centralized processing for quote requests for products, services or custom orders. A code execution vulnerability exists in the WordPress Request a Quote Form plugin that...
CVE-2024-6231
The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-24654
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function...
CVE-2021-24420
The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table...
CVE-2025-31406
Missing Authorization vulnerability in ELEXtensions ELEX WooCommerce Request a Quote elex-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WooCommerce Request a Quote: from n/a through = 2.3.9...
CVE-2025-31406 WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in ELEXtensions ELEX WooCommerce Request a Quote elex-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WooCommerce Request a Quote: from n/a through = 2.3.9...
WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Peter Thaleikis in WordPress Plugin ELEX WooCommerce Request a Quote versions = 2.3.9...
CVE-2024-11034
The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via firecontactform AJAX action in all versions up to, and including, 1.4. This is due to the software...
WordPress Request a Quote for WooCommerce and Elementor plugin <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form vulnerability
Unauthenticated Arbitrary Shortcode Execution via firecontactform vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Request a Quote for WooCommerce and Elementor versions = 1.4...
CVE-2024-9430
The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the cttepfwwploaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attacke...
WordPress Request a Quote plugin < 2.4.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Request a Quote versions 2.4.1...
CVE-2024-6231
The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6231
The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin Request a Quote 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...