WordPress Plugin Vulnerabilities

Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation < 1.5 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form

Description

The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Affects Plugins

Plugin icon
get-a-quote-button-for-woocommerce
Fixed in 1.5

References

CVE
CVE-2024-11034
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3ccd3504-5663-48cd-90bc-502c2ce232f7

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
7.3 (high)

Miscellaneous

Original Researcher
Arkadiusz Hydzik
Verified
No
WPVDB ID
16479380-0657-4720-b6aa-ab06b2f9d29a

Timeline

Publicly Published
2024-11-22 (about 1 year ago)
Added
2024-11-22 (about 1 year ago)
Last Updated
2024-11-23 (about 1 year ago)

Other

Published
Title
Published
2024-10-01
Title
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce < 5.7.35 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
Published
2022-02-21
Title
WPCargo < 6.9.0 - Unauthenticated RCE
Published
2022-11-29
Title
Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution
Published
2014-08-01
Title
WPtouch 1.9.8 - ajax/file_upload.php Crafted Content-Type File Upload Remote Code Execution
Published
2014-08-01
Title
GeoPlaces - File Upload H&ling Remote Comm& Execution