Vulnerabilities and security researches forrequest-a-quote request-a-quote

Aug 06, 2025

CVE, Research URL: CVE-2025-8420
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Aug 06, 2025
Research Description: The Request a Quote Form plugin for WordPress is vulnerable to Remote Code Execution in version less than, or equal to, 2.5.2 via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called.
Affected versions: Min -, max -.
Status: vulnerable

Jul 25, 2024

CVE, Research URL: CVE-2024-6231
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jul 23, 2024
Research Description: The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-2240
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jul 25, 2022
Research Description: The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24420
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jul 13, 2021
Research Description: The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24489
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Oct 25, 2021
Research Description: The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-2239
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Date: Jul 25, 2022
Research Description: The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions: Min -, max -.
Status: vulnerable