Lucene search
+L

4 matches found

CVE
CVE
added 2026/07/02 5:35 a.m.24 views

CVE-2026-14249

The CVE refers to the WordPress plugin “Request a Quote” (versions up to and including 2.5.5). The vulnerability is a Code Injection via the emd_delete_file AJAX action. The handler derives a PHP function name from attacker-controlled $_POST['path'] and invokes it dynamically through a variable-f...

7.5CVSS6AI score0.00333EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/12/15 1:30 p.m.24 views

WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Request a Quote versions = 2.5.3...

4.3CVSS7AI score0.00192EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/07/25 1:15 p.m.5 views

CVE-2022-2239

The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00532EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2021/06/14 12:0 a.m.7 views

PT-2021-16012 · WordPress +1 · Request A Quote +1

Name of the Vulnerable Software and Affected Versions: Request a Quote WordPress plugin versions prior to 2.3.9 Description: The issue is related to authenticated Stored Cross-Site Scripting, which occurs due to the lack of sanitization, validation, or escaping of some settings in the admin...

8.8CVSS6.9AI score0.03882EPSS
Exploits3References58
Rows per page
Query Builder