CVE-2021-24420

CVE-2021-24420: Request a Quote < 2.3.4 - Authenticated Stored XSS

Vendor Unknown
Product Request a Quote
Weakness CWE-79 · XSS
Published July 12, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table.

Key dates

02Disclosure timeline

July 12, 2021 CVE published
August 3, 2024 Record updated