Vulnerabilities and security researches forrequest-a-quote request-a-quote

Jun 07, 2024

CVE, Research URL: CVE-2022-2240
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jul 25, 2022
Research Description: The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it
Affected versions: max 2.3.8.
Status: vulnerable

CVE, Research URL: CVE-2021-24420
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jul 13, 2021
Research Description: The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table.
Affected versions: max 2.3.4.
Status: vulnerable

CVE, Research URL: CVE-2021-24489
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Oct 25, 2021
Research Description: The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.
Affected versions: max 2.3.9.
Status: vulnerable

CVE, Research URL: CVE-2022-2239
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jul 25, 2022
Research Description: The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions: max 2.3.9.
Status: vulnerable

Jul 25, 2024

CVE, Research URL: CVE-2024-6231
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jul 23, 2024
Research Description: The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 2.4.1.
Status: vulnerable

Aug 06, 2025

CVE, Research URL: CVE-2025-8420
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Aug 06, 2025
Research Description: Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called
Affected versions: max 2.5.3.
Status: vulnerable

Oct 11, 2025

CVE, Research URL: CVE-2025-58915
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Sep 23, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design Request a Quote request-a-quote allows Stored XSS.This issue affects Request a Quote: from n/a through <= 2.5.0.
Affected versions: max 2.5.1.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-64248
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Dec 16, 2025
Research Description: Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through <= 2.5.3.
Affected versions: max 2.5.4.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 5e7ad671f8a77a469a90b6a2aae807bbb1bc5199
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jun 30, 2023
Research Description: Request a Quote Form Plugin – Price Quote Request Management Made Easy [request-a-quote] < 2.3.11 Request a Quote <= 2.3.10 - Cross-Site Request Forgery The Request a Quote plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.10. This is due to missing nonce validation on the emd_show_forms_lite_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.3.11.
Status: vulnerable

CVE, Research URL: 4bc92bf8b452fa0f54703c576853e3a3e56157bd
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jun 28, 2022
Research Description: Request a Quote Form Plugin – Price Quote Request Management Made Easy [request-a-quote] <= 2.3.7 WordPress Request a Quote plugin <= 2.3.7 - CSV Injection vulnerability CSV Injection vulnerability discovered by Benachi in WordPress Request a Quote plugin (versions <= 2.3.7). Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for download. This closure is temporary, pending a full review.
Affected versions: max 2.3.7.
Status: vulnerable

CVE, Research URL: 6eba2aa8fd71d4ea7dd969e0a5b52e3f1366a2fa
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jun 28, 2022
Research Description: Request a Quote Form Plugin – Price Quote Request Management Made Easy [request-a-quote] <= 2.3.7 WordPress Request a Quote plugin <= 2.3.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Benachi in WordPress Request a Quote plugin (versions <= 2.3.7). Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for download. This closure is temporary, pending a full review.
Affected versions: max 2.3.7.
Status: vulnerable

CVE, Research URL: 359a61d5705c479c547aeae7536b6ad5e6d3b1c8
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jun 30, 2023
Research Description: Request a Quote Form Plugin – Price Quote Request Management Made Easy [request-a-quote] < 2.3.11 WordPress Request a Quote Plugin < 2.3.11 is vulnerable to Cross Site Request Forgery (CSRF) Update the WordPress Request a Quote plugin to the latest available version (at least 2.3.11). An unknown person discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Request a Quote Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 2.3.11.
Affected versions: max 2.3.11.
Status: vulnerable