VYPR

Request A Quote

by WordPress

Source repositories

CVEs (9)

  • CVE-2022-2240HigJul 25, 2022
    risk 0.57cvss 8.8epss 0.01

    The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it

  • CVE-2026-2718MedFeb 19, 2026
    risk 0.42cvss 6.4epss 0.00

    The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.8. This is due to the use of `wp_kses()` for output escaping within HTML attribute contexts where…

  • CVE-2025-58915MedSep 23, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design Request a Quote request-a-quote allows Stored XSS.This issue affects Request a Quote: from n/a through <= 2.5.0.

  • CVE-2024-6231MedJul 23, 2024
    risk 0.38cvss 5.9epss 0.00

    The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2021-24420MedJul 12, 2021
    risk 0.35cvss 5.4epss 0.01

    The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table.

  • CVE-2022-2239MedJul 25, 2022
    risk 0.31cvss 4.8epss 0.01

    The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

  • CVE-2021-24489MedOct 25, 2021
    risk 0.31cvss 4.8epss 0.01

    The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.

  • CVE-2026-2504MedFeb 19, 2026
    risk 0.28cvss 4.3epss 0.00

    The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple AJAX handlers in all versions up to, and including, 1.0.7. The admin nonce (DEALIA_ADMIN_NONCE) is exposed to all users with…

  • CVE-2025-64248MedDec 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through <= 2.5.3.

VYPR — Vulnerability Intelligence