5 matches found
CVE-2021-24489
CVE-2021-24489 affects the WordPress plugin “Request a Quote” (versions before 2.3.9). The issue is an authenticated Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient sanitization/validation/escaping of admin dashboard settings, even when unfiltered_html is disallowed. Impact...
CVE-2022-2240
CVE-2022-2240 affects the WordPress plugin Request a Quote up to version 2.3.7, where the CSV upload handling does not validate uploaded CSV files. This allows unauthenticated users to attach a malicious CSV to a quote, enabling CSV injection when an admin downloads and opens the file. The vulner...
CVE-2022-2239
The CVE-2022-2239 issue affects the WordPress plugin Request a Quote (pre-2.3.9). Affected component: plugin settings sanitization/escaping; root cause is lack of sanitization and escaping of certain settings, enabling cross-site scripting for high-privilege users (e.g., admins) even when unfilte...
CVE-2021-24420
The CVE-2021-24420 entry concerns the WordPress plugin Request a Quote (before version 2.3.4). The vulnerability is an authenticated stored XSS caused by failure to sanitize/escape certain quote fields when adding/editing a quote as an admin, leading to XSS when quotes are rendered in the All Quo...
CVE-2024-6231
CVE-2024-6231 affects the WordPress plugin Request a Quote (versions before 2.4.1). The issue arises from insufficient sanitization/escaping of plugin settings, enabling stored XSS by high-privilege users (e.g., admins), including in multisite where unfiltered_html is disallowed. Red Hat and Patc...