No analysis available yet.
No remediation available yet.
No advisories yet.
Thu, 02 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |
Thu, 02 Jul 2026 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emd_delete_file AJAX action. This is due to the emd_delete_file() handler deriving a PHP function name from the attacker-controlled $_POST['path'] parameter and invoking it dynamically via the variable-function call $sess_name(), and the handler being registered for wp_ajax_nopriv with its only protection being a nonce that the plugin prints into the public quote-form page via wp_localize_script. This makes it possible for unauthenticated attackers to invoke arbitrary zero-argument PHP functions on the server, such as phpinfo(), potentially exposing sensitive server configuration and credentials, or executing other destructive built-in PHP functions. | |
| Title | Request a Quote Form Plugin <= 2.5.5 - Unauthenticated Code Injection via 'path' Parameter | |
| Weaknesses | CWE-74 | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-02T15:03:09.103Z
Reserved: 2026-06-30T14:10:36.813Z
Link: CVE-2026-14249
Updated: 2026-07-02T15:03:05.745Z
OpenCVE Enrichment
No data.
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')