VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 7 known issues Latest disclosed Dec 15, 2025

Request a Quote Form Plugin – Price Quote Request Management Made Easy Vulnerabilities

Review known vulnerability records for the WordPress plugin Request a Quote Form Plugin – Price Quote Request Management Made Easy (`request-a-quote`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-64248 and CVE-2024-6231, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
7
High or Critical
1
Patch Coverage
100%
Last Updated
Dec 19, 2025
Priority CVE Quick Links

Fast paths into Request a Quote Form Plugin – Price Quote Request Management Made Easy CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
6
CVE-2022-2240 High 2.3.9
CVE-2022-2240 Request a Quote Form Plugin – Price Quote Request Management Made Easy Vulnerability

Request a Quote <= 2.3.8 - CSV Injection

CVE-2022-2239 Medium 2.3.8
CVE-2022-2239 Request a Quote Form Plugin – Price Quote Request Management Made Easy Stored Cross-Site Scripting

Request a Quote <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE-2021-24420 Medium 2.3.4
CVE-2021-24420 Request a Quote Form Plugin – Price Quote Request Management Made Easy Stored Cross-Site Scripting

Request a Quote <= 2.3.3 - Authenticated Stored Cross-Site Scripting

CVE-2021-24489 Medium 2.3.5
CVE-2021-24489 Request a Quote Form Plugin – Price Quote Request Management Made Easy Stored Cross-Site Scripting

Request a Quote <= 2.3.4 - Stored Cross-Site Scripting

CVE-2024-6231 Medium 2.4.1
CVE-2024-6231 Request a Quote Form Plugin – Price Quote Request Management Made Easy Stored Cross-Site Scripting

Request a Quote <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE-2025-64248 Medium 2.5.4
CVE-2025-64248 Request a Quote Form Plugin – Price Quote Request Management Made Easy Vulnerability

Request a Quote <= 2.5.3 - Missing Authorization

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Request a Quote Form Plugin – Price Quote Request Management Made Easy so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
7 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 1 high severity finding.
Recent CVEs
CVE-2025-64248 and CVE-2024-6231
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Request a Quote Form Plugin – Price Quote Request Management Made Easy

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-64248
CVE-2025-64248: Request a Quote <= 2.5.3 - Missing Authorization

The Request a Quote Form Plugin – Price Quote Request Management Made Easy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, wi...

Published
Dec 15, 2025
Patched Release
2.5.4
Affected Versions
Versions up to 2.5.3
Next Step
Update to 2.5.4 or newer if supported.
Open CVE-2025-64248 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6231
CVE-2024-6231: Request a Quote <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-...

Published
Jul 02, 2024
Patched Release
2.4.1
Affected Versions
Versions up to 2.4.0
Next Step
Update to 2.4.1 or newer if supported.
Open CVE-2024-6231 Report Open CVE Reference
Plugin Medium Patched: Yes
Request a Quote <= 2.3.10 - Cross-Site Request Forgery

The Request a Quote plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.10. This is due to missing nonce validation on the emd_show_forms_lite_page() function. This makes it possible for unauthenticated attackers to modify the pl...

Published
Jun 30, 2023
Patched Release
2.3.11
Affected Versions
Versions before 2.3.11
Next Step
Update to 2.3.11 or newer if supported.
Open Full Report
Plugin High Patched: Yes CVE-2022-2240
CVE-2022-2240: Request a Quote <= 2.3.8 - CSV Injection

The Request a Quote WordPress plugin through 2.3.8 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it

Published
Jun 28, 2022
Patched Release
2.3.9
Affected Versions
Versions up to 2.3.8
Next Step
Update to 2.3.9 or newer if supported.
Open CVE-2022-2240 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-2239
CVE-2022-2239: Request a Quote <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting

The Request a Quote WordPress plugin through 2.3.7 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Published
Jun 28, 2022
Patched Release
2.3.8
Affected Versions
Versions up to 2.3.7
Next Step
Update to 2.3.8 or newer if supported.
Open CVE-2022-2239 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24489
CVE-2021-24489: Request a Quote <= 2.3.4 - Stored Cross-Site Scripting

The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.

Published
Sep 21, 2021
Patched Release
2.3.5
Affected Versions
Versions before 2.3.5
Next Step
Update to 2.3.5 or newer if supported.
Open CVE-2021-24489 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24420
CVE-2021-24420: Request a Quote <= 2.3.3 - Authenticated Stored Cross-Site Scripting

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table.

Published
Jun 16, 2021
Patched Release
2.3.4
Affected Versions
Versions before 2.3.4
Next Step
Update to 2.3.4 or newer if supported.
Open CVE-2021-24420 Report Open CVE Reference