cleantalk
Vulnerabilities and Security Researches

Request a Quote, CVE-2025-8420

CVE, Research URL

CVE-2025-8420

Home page URL

Security reports for Request a Quote

Application

Request a Quote

Published on
Aug 06, 2025
Research Description
The Request a Quote Form plugin for WordPress is vulnerable to Remote Code Execution in version less than, or equal to, 2.5.2 via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called.
Affected versions
Min -, max 2.5.3.
Status
vulnerable
Previous vulnerability researches
WP YouTube Lyte (CVE-2021-24419) , Jun 07, 2024
New vulnerability
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2025-54705) , Aug 06, 2025
Button Block – Get fully customizable & multi-functional buttons (CVE-2025-54694) , Aug 06, 2025
Staff Directory – Employee Directory for WordPress (CVE-2025-8295) , Aug 06, 2025
WP Tournament Registration (CVE-2025-6690) , Aug 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-8100) , Aug 06, 2025