cleantalk
Vulnerabilities and Security Researches

Request a Quote, CVE-2021-24489

CVE, Research URL

CVE-2021-24489

Home page URL

Security reports for Request a Quote

Application

Request a Quote

Published on
Oct 25, 2021
Research Description
The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.
Affected versions
Min -, max 2.3.9.
Status
vulnerable
Previous vulnerability researches
ELEX WooCommerce Request a Quote (CVE-2025-31406) , Apr 02, 2025
Request a Quote (CVE-2025-8420) , Aug 06, 2025
Request a Quote (CVE-2022-2240) , Jun 07, 2024
Request a Quote (CVE-2021-24420) , Jun 07, 2024
Request a Quote (CVE-2021-24489) , Jun 07, 2024
New vulnerability
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2025-7727) , Aug 07, 2025
Flex Guten – A Multipurpose Gutenberg Blocks Plugin (CVE-2025-6256) , Aug 07, 2025
Simple File List (CVE-2025-54021) , Aug 07, 2025
Newsletters (CVE-2025-54034) , Aug 07, 2025
FileBird – WordPress Media Library Folders & File Manager (CVE-2025-6986) , Aug 07, 2025