Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Emarket-design
Emarket-design request A Quote – Quote Forms For Any Wordpress Site Wordpress Wordpress wordpress |
|
| Vendors & Products |
Emarket-design
Emarket-design request A Quote – Quote Forms For Any Wordpress Site Wordpress Wordpress wordpress |
Thu, 02 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 02 Jul 2026 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emd_delete_file AJAX action. This is due to the emd_delete_file() handler deriving a PHP function name from the attacker-controlled $_POST['path'] parameter and invoking it dynamically via the variable-function call $sess_name(), and the handler being registered for wp_ajax_nopriv with its only protection being a nonce that the plugin prints into the public quote-form page via wp_localize_script. This makes it possible for unauthenticated attackers to invoke arbitrary zero-argument PHP functions on the server, such as phpinfo(), potentially exposing sensitive server configuration and credentials, or executing other destructive built-in PHP functions. | |
| Title | Request a Quote Form Plugin <= 2.5.5 - Unauthenticated Code Injection via 'path' Parameter | |
| Weaknesses | CWE-74 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-02T15:03:09.103Z
Reserved: 2026-06-30T14:10:36.813Z
Link: CVE-2026-14249
Updated: 2026-07-02T15:03:05.745Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T01:15:16Z