cleantalk
Vulnerabilities and Security Researches

Request a Quote, CVE-2022-2240

CVE, Research URL

CVE-2022-2240

Home page URL

Security reports for Request a Quote

Application

Request a Quote

Published on
Jul 25, 2022
Research Description
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it
Affected versions
Min -, max 2.3.11.
Status
vulnerable
Previous vulnerability researches
ELEX WooCommerce Request a Quote (CVE-2025-31406) , Apr 02, 2025
Request a Quote (CVE-2025-8420) , Aug 06, 2025
Request a Quote (CVE-2022-2240) , Jun 07, 2024
Request a Quote (CVE-2021-24420) , Jun 07, 2024
Request a Quote (CVE-2021-24489) , Jun 07, 2024
New vulnerability
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2025-7727) , Aug 07, 2025
Flex Guten – A Multipurpose Gutenberg Blocks Plugin (CVE-2025-6256) , Aug 07, 2025
Simple File List (CVE-2025-54021) , Aug 07, 2025
Newsletters (CVE-2025-54034) , Aug 07, 2025
FileBird – WordPress Media Library Folders & File Manager (CVE-2025-6986) , Aug 07, 2025