PT-2026-54640 · Emarket Design · Request A Quote – Quote Forms For Any Wordpress Site
Mitchell · Published 2026-07-02 · Updated 2026-07-02 · CVE-2026-14249 · CVSS v3.1 7.5 High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the `emd_delete_file` AJAX action. This is due to the `emd_delete_file()` handler deriving a PHP function name from the attacker-controlled `$_POST['path']` parameter and invoking it dynamically via the variable-function call `$sess_name()`, and the handler being registered for `wp_ajax_nopriv` with its only protection being a nonce that the plugin prints into the public quote-form page via `wp_localize_script`. This makes it possible for unauthenticated attackers to invoke arbitrary zero-argument PHP functions on the server, such as `phpinfo()`, potentially exposing sensitive server configuration and credentials, or executing other destructive built-in PHP functions.
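As an added illustration (not code from the plugin or from this advisory), the handler shape the description above attributes to the plugin, followed by the hardened version a reviewer would expect. The function names, the nonce action `emd-quote-nonce` and the `emd-quotes` upload subdirectory are assumed for this example.

```php
<?php
// Added example, not the plugin's own code. Names and option values are assumed.

// --- Vulnerable shape the advisory describes (do not use) -----------------
function emd_delete_file_vulnerable() {
    // The nonce is embedded in the public quote-form page via wp_localize_script,
    // so every visitor can obtain it; it proves nothing about who is calling.
    check_ajax_referer( 'emd-quote-nonce', 'nonce' );

    $sess_name = $_POST['path']; // request-controlled string

    // Variable-function call: the string that arrived is invoked as a PHP function.
    $sess_name();
    wp_die();
}
// nopriv registration exposes the handler to unauthenticated visitors.
add_action( 'wp_ajax_nopriv_emd_delete_file', 'emd_delete_file_vulnerable' );

// --- Hardened shape ---------------------------------------------------------
function emd_delete_file_hardened() {
    // 1. A nonce is CSRF protection only, never authentication.
    check_ajax_referer( 'emd-quote-nonce', 'nonce' );

    // 2. Require a capability; a nonce printed on a public page does not prove identity.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Request data never selects a callable. 'path' is treated as a bare file name.
    $name = isset( $_POST['path'] ) ? sanitize_file_name( wp_unslash( $_POST['path'] ) ) : '';
    if ( '' === $name ) {
        wp_send_json_error( 'invalid', 400 );
    }

    // 4. Confine the delete to the plugin's own upload subdirectory (assumed name).
    $upload = wp_upload_dir();
    $base   = trailingslashit( $upload['basedir'] ) . 'emd-quotes/';
    $root   = realpath( $base );
    $target = realpath( $base . $name );
    if ( false === $root || false === $target
        || 0 !== strpos( $target, $root . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( 'invalid', 400 );
    }

    wp_delete_file( $target );
    wp_send_json_success( array( 'deleted' => $name ) );
}
// Authenticated users only: no wp_ajax_nopriv_ hook is registered.
add_action( 'wp_ajax_emd_delete_file', 'emd_delete_file_hardened' );
```

The two changes that matter are that the request never chooses a function to call, and that authorization comes from `current_user_can()` rather than from a nonce that any visitor to the quote form already holds. The `realpath()` confinement is defence in depth: `sanitize_file_name()` already strips path separators, but the check keeps the delete inside the expected directory even if the sanitization is later loosened.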
Fix
Special Elements Injection
Weakness Enumeration
Related identifiers
Affected products
Request A Quote – Quote Forms For Any Wordpress Site