Primary

Context

Request a Quote Form Plugin Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in the Request a Quote Form plugin for WordPress, affecting versions through 2.5.2. The vulnerability arises from the plugin's emd_form_builder_lite_pagenum function, which fails to properly validate user input before using it as a function name. This oversight allows unauthenticated attackers to execute code on the server, although they cannot pass parameters to the invoked functions.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the vulnerable WordPress site is hosted.

Remediation

Users are advised to update the Request a Quote Form plugin to version 2.5.3 or a newer patched version.

Added: Aug 6, 2025, 4:00 AM

Updated: Aug 6, 2025, 4:00 AM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

10.0

exploitability

8.2

remediation

7.7

relevance

0.3

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

10.0

exploitability

8.2

remediation

7.7

relevance

0.3

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Request a Quote Form Plugin Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Request a Quote Form

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating