Lucene search
+L
EmarketdesignRequest A Quote

5 matches found

CVE
CVE
added 2021/10/25 1:20 p.m.79 views

CVE-2021-24489

CVE-2021-24489 affects the WordPress plugin “Request a Quote” (versions before 2.3.9). The issue is an authenticated Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient sanitization/validation/escaping of admin dashboard settings, even when unfiltered_html is disallowed. Impact...

4.8CVSS4.7AI score0.00622EPSS
CVE
CVE
added 2022/07/25 12:47 p.m.75 views

CVE-2022-2240

CVE-2022-2240 affects the WordPress plugin Request a Quote up to version 2.3.7, where the CSV upload handling does not validate uploaded CSV files. This allows unauthenticated users to attach a malicious CSV to a quote, enabling CSV injection when an admin downloads and opens the file. The vulner...

8.8CVSS8.9AI score0.01184EPSS
CVE
CVE
added 2022/07/25 12:47 p.m.71 views

CVE-2022-2239

The CVE-2022-2239 issue affects the WordPress plugin Request a Quote (pre-2.3.9). Affected component: plugin settings sanitization/escaping; root cause is lack of sanitization and escaping of certain settings, enabling cross-site scripting for high-privilege users (e.g., admins) even when unfilte...

4.8CVSS4.8AI score0.00532EPSS
CVE
CVE
added 2021/07/12 7:20 p.m.63 views

CVE-2021-24420

The CVE-2021-24420 entry concerns the WordPress plugin Request a Quote (before version 2.3.4). The vulnerability is an authenticated stored XSS caused by failure to sanitize/escape certain quote fields when adding/editing a quote as an admin, leading to XSS when quotes are rendered in the All Quo...

5.4CVSS5.2AI score0.00624EPSS
CVE
CVE
added 2024/07/23 6:0 a.m.59 views

CVE-2024-6231

CVE-2024-6231 affects the WordPress plugin Request a Quote (versions before 2.4.1). The issue arises from insufficient sanitization/escaping of plugin settings, enabling stored XSS by high-privilege users (e.g., admins), including in multisite where unfiltered_html is disallowed. Red Hat and Patc...

5.9CVSS5.5AI score0.00369EPSS