PT-2026-54640 · Emarket Design · Request A Quote – Quote Forms For Any Wordpress Site

Mitchell · Published 2026-07-02 · Updated 2026-07-02 · CVE-2026-14249

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emd_delete_file AJAX action. This is due to the emd_delete_file() handler deriving a PHP function name from the attacker-controlled $_POST['path'] parameter and invoking it dynamically via the variable-function call $sess_name(), and the handler being registered for wp_ajax_nopriv with its only protection being a nonce that the plugin prints into the public quote-form page via wp_localize_script. This makes it possible for unauthenticated attackers to invoke arbitrary zero-argument PHP functions on the server, such as phpinfo(), potentially exposing sensitive server configuration and credentials, or executing other destructive built-in PHP functions.
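A hardened shape for a delete-file AJAX handler, as an added example that is not the plugin's code: the request carries a file name rather than a function name, the hook is not exposed to unauthenticated users, and the nonce is backed by a capability check. The example_* names, the nonce action string and the "example-quotes" upload subfolder are assumptions.

```php
<?php
// Added example, not the Request a Quote plugin's code. The example_* names,
// the nonce action string and the "example-quotes" upload folder are assumptions.

// Registered for authenticated users only: no wp_ajax_nopriv_ hook, because
// deleting files is a privileged operation.
add_action( 'wp_ajax_example_delete_file', 'example_delete_file' );

function example_delete_file() {
    // A nonce is CSRF protection, not authentication. One printed into a public
    // page by wp_localize_script is readable by anyone who loads that page, so
    // it is never the only gate on the request.
    check_ajax_referer( 'example_delete_file', 'nonce' );

    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // The request supplies data (a file name), never code (a function name):
    // no variable-function call is built from $_POST anywhere below.
    $name = isset( $_POST['path'] ) ? wp_unslash( $_POST['path'] ) : '';
    $name = sanitize_file_name( basename( $name ) );
    if ( '' === $name ) {
        wp_send_json_error( 'bad file name', 400 );
    }

    // Confine deletion to one directory under wp-content/uploads.
    $base   = realpath( trailingslashit( wp_upload_dir()['basedir'] ) . 'example-quotes' );
    $target = $base ? realpath( $base . DIRECTORY_SEPARATOR . $name ) : false;
    if ( false === $target || 0 !== strpos( $target, $base . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( 'no such file', 404 );
    }

    // Fixed call to a known WordPress function; wp_delete_file() returns nothing,
    // so success is confirmed by re-testing the path.
    wp_delete_file( $target );
    if ( file_exists( $target ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success( array( 'deleted' => $name ) );
}
```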

Fix

Special Elements Injection


Weakness Enumeration

Related identifiers

CVE-2026-14249

Affected products

Request A Quote – Quote Forms For Any Wordpress Site