WordPress · Request A Quote · CVE-2021-24420
**Name of the Vulnerable Software and Affected Versions**
Request a Quote WordPress plugin versions prior to 2.3.4
**Description**
The issue arises from the plugin's failure to properly sanitise and escape certain quote fields when adding or editing a quote as an administrator. This leads to Stored Cross-Site scripting issues when the quote is displayed in the 'All Quotes' table.
**Recommendations**
For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'All Quotes' table to minimize the risk of exploitation.