Dealia

**Name of the Vulnerable Software and Affected Versions** The Dealia – Request a Quote plugin for WordPress versions up to and including 1.0.6 **Description** The Dealia – Request a Quote plugin for WordPress is susceptible to Stored Cross-Site Scripting through Gutenberg block attributes. This is caused by using `wp kses()` for output escaping in HTML attribute contexts where `esc attr()` is needed. Authenticated attackers with Contributor-level access or higher can inject malicious web scripts into pages. These scripts will execute when a user accesses the compromised page. **Recommendations** Update The Dealia – Request a Quote plugin to a version later than 1.0.6.