PT-2024-16719 · WordPress · Request A Quote For Woocommerce/Elementor – Get A Quote Button – Product Enquiry Form Popup – Product Quotation

Arkadiusz Hydzik · Published 2024-11-23 · Updated 2024-11-23 · CVE-2024-11034

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress, versions up to and including 1.4.

Description

The issue allows arbitrary shortcode execution via the fire_contact_form AJAX action. The software does not properly validate a value before running do_shortcode, which makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Recommendations

For versions up to and including 1.4, consider disabling the fire_contact_form AJAX action as a temporary workaround until a patch is available. Restrict access to the do_shortcode function to minimize the risk of exploitation. Avoid using the fire_contact_form action in the affected plugin until the issue is resolved.
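
One way to apply the temporary workaround is a must-use plugin that unhooks the action before WordPress dispatches it. This is an added example, not code from the advisory or from the plugin vendor. It assumes the plugin registers the action through the standard wp_ajax_fire_contact_form and wp_ajax_nopriv_fire_contact_form hooks; the file name and constant are hypothetical. The plugin's quote form stops submitting while it is active.

```php
<?php
/**
 * Plugin Name: Block fire_contact_form AJAX action (temporary workaround)
 * Description: Added example. Save as wp-content/mu-plugins/block-fire-contact-form.php
 *              (hypothetical file name) and remove once a fixed plugin version is installed.
 */

defined('ABSPATH') || exit;

// Assumption: the AJAX action name as given in the advisory text.
const PT_BLOCKED_AJAX_ACTION = 'fire_contact_form';

// admin-ajax.php fires admin_init before it looks up wp_ajax_* handlers, so
// running at the last priority removes handlers registered by any plugin.
add_action('admin_init', function () {
    if (!wp_doing_ajax()) {
        return;
    }

    // Unhook both the unauthenticated and the logged-in variant.
    foreach (['wp_ajax_nopriv_', 'wp_ajax_'] as $prefix) {
        remove_all_actions($prefix . PT_BLOCKED_AJAX_ACTION);
    }

    // admin-ajax.php reads the action name from $_REQUEST.
    $requested = isset($_REQUEST['action']) && is_string($_REQUEST['action'])
        ? wp_unslash($_REQUEST['action'])
        : '';

    if ($requested === PT_BLOCKED_AJAX_ACTION) {
        // Leave a trace for incident response: who called the disabled action.
        error_log(sprintf(
            'Blocked %s AJAX request from %s (logged in: %s)',
            PT_BLOCKED_AJAX_ACTION,
            isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown',
            is_user_logged_in() ? 'yes' : 'no'
        ));
        // Stop before any handler can reach do_shortcode.
        wp_die('', '', ['response' => 403]);
    }
}, PHP_INT_MAX);
```

The error_log entries go to the PHP error log (or wp-content/debug.log when WP_DEBUG_LOG is enabled) and can be reviewed for requests that arrived while the workaround was in place.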

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-11034

Affected Products

Request A Quote For Woocommerce/Elementor – Get A Quote Button – Product Enquiry Form Popup – Product Quotation