Request a Quote, 5e7ad671f8a77a469a90b6a2aae807bbb1bc5199

CVE, Research URL: 5e7ad671f8a77a469a90b6a2aae807bbb1bc5199
Home page URL: Security reports for Request a Quote
Application: Request a Quote
Published on: Jun 30, 2023
Research Description: Request a Quote Form Plugin – Price Quote Request Management Made Easy [request-a-quote] < 2.3.11 Request a Quote <= 2.3.10 - Cross-Site Request Forgery The Request a Quote plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.10. This is due to missing nonce validation on the emd_show_forms_lite_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.3.11.
Status: vulnerable