CVE-2021-24420

Name of the Vulnerable Software and Affected Versions Request a Quote WordPress plugin versions prior to 2.3.4

Description The issue arises from the plugin's failure to properly sanitise and escape certain quote fields when adding or editing a quote as an administrator. This leads to Stored Cross-Site scripting issues when the quote is displayed in the 'All Quotes' table.

Recommendations For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'All Quotes' table to minimize the risk of exploitation.