Request a Quote <= 2.3.4 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability

Administrator

Published
2021-09-20

The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24489

CVSS

Score:4.8

Severity:Medium

Version: 2.3.4

There is a patch available in v2.3.5 and we strongly recommend you update to this version as soon as possible.