CVE Details
Basic Information
| Title | Request a Quote Form Plugin <= 2.5.2 - Unauthenticated Limited Remote Code Execution |
|---|---|
| Type | cve |
| Published | 2025-08-06T02:24:12.120Z |
| Modified | 2025-08-06T02:24:12.120Z |
Product Information
| Vendor | emarket-design |
|---|---|
| Product | Request a Quote Form Plugin – Price Quote Request Management Made Easy |
| Version | * |
CVSS Information
| Base Score | 8.1 (HIGH) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Analysis
| AI Description | The Request a Quote Form plugin for WordPress (versions <=2.5.2) is vulnerable to unauthenticated Remote Code Execution due to improper input validation. Attackers can execute code on the server, though functionality is limited as parameters cannot be passed. |
|---|---|
| AI Severity | High |
| AI Vendor | emarket-design |
| AI Product | Request a Quote Form Plugin |
| AI Version | 2.5.2 and below |
Affected Products
- emarket-design Request a Quote Form Plugin – Price Quote Request Management Made Easy *
Additional Information
| CWE List | CWE-95 |
|---|---|
| Source | Wordfence |
Description
The Request a Quote Form plugin for WordPress is vulnerable to Remote Code Execution in version less than, or equal to, 2.5.2 via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called.