cleantalk
Vulnerabilities and Security Researches

Request a Quote, CVE-2025-8420

CVE, Research URL

CVE-2025-8420

Home page URL

Security reports for Request a Quote

Application

Request a Quote

Published on
Aug 06, 2025
Research Description
The Request a Quote Form plugin for WordPress is vulnerable to Remote Code Execution in version less than, or equal to, 2.5.2 via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called.
Affected versions
Min -, max 2.5.3.
Status
vulnerable
Previous vulnerability researches
Chatbox Manager (CVE-2025-48167) , Jul 19, 2025
Chatbox Manager (CVE-2025-30790) , Mar 28, 2025
New vulnerability
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels (CVE-2025-54696) , Aug 06, 2025
Exclusive Addons for Elementor (CVE-2025-7498) , Aug 06, 2025
Advanced Custom Fields (ACF) (CVE-2012-10025) , Aug 06, 2025
Classified Listing – Classified ads & Business Directory Plugin (CVE-2025-54698) , Aug 06, 2025
Graphina – Elementor Charts and Graphs (CVE-2025-23968) , Aug 06, 2025