CVE-2021-24489

Name of the Vulnerable Software and Affected Versions Request a Quote WordPress plugin versions prior to 2.3.9

Description The issue is related to authenticated Stored Cross-Site Scripting, which occurs due to the lack of sanitization, validation, or escaping of some settings in the admin dashboard. This problem exists even when the unfiltered html capability is disallowed.

Recommendations For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard settings to minimize the risk of exploitation.