Dealia – Request a quote Security & Risk Analysis

wordpress.org/plugins/dealia-request-a-quote

Dealia is a quote management platform that allows you to receive quote requests directly from your website, negotiate prices and make stress-free deals.

0 active installs · v1.0.9 · PHP 7.4+ · WP 6.0+ · Updated Apr 15, 2026
Tags: forms, get-a-quote-button, manage-quote-requests, quotes, request-a-quote
Score: 76
B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Feb 18, 2026
Safety Verdict

Is Dealia – Request a quote Safe to Use in 2026?

Mostly Safe

Score 76/100

Dealia – Request a quote is generally safe to use. 2 past CVEs were resolved.

2 known CVEs · 1 unpatched · Last CVE: Feb 18, 2026 · Updated 1mo ago
Risk Assessment

The "dealia-request-a-quote" plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling and output escaping, the significant number of unprotected AJAX handlers presents a substantial risk. The static analysis reveals 7 AJAX handlers, all of which lack authentication checks, creating an easily exploitable attack surface. This, combined with the plugin's history of known vulnerabilities, particularly those related to Cross-Site Scripting and Missing Authorization, raises serious concerns.

The vulnerability history indicates a recurring pattern of security weaknesses, with one medium-severity vulnerability remaining unpatched. The fact that the last vulnerability was in 2026 suggests either a potential reporting anomaly or a recent discovery that has not yet been addressed. The presence of two medium-severity CVEs in the past, coupled with the current unprotected AJAX endpoints, suggests a systemic issue with authorization enforcement within the plugin's core functionality.

In conclusion, while the plugin's developers have implemented secure practices for SQL and output handling, the lack of authorization on its primary entry points (AJAX handlers) is a critical flaw. This, in conjunction with past vulnerabilities, necessitates immediate attention to secure these endpoints. Users should be highly cautious and prioritize patching any known vulnerabilities.

Key Concerns

  • Unprotected AJAX handlers
  • Unpatched CVE
  • Vulnerabilities: Missing Authorization
  • Vulnerabilities: Cross-site Scripting
Vulnerabilities
2 published

Dealia – Request a quote Security Vulnerabilities

CVEs by Year

2 CVEs in 2026 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2026-2718 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dealia <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes

Feb 18, 2026 · Unpatched

CVE-2026-2504 · medium · 4.3 · Missing Authorization

Dealia – Request a quote <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset

Feb 18, 2026 · Patched in 1.0.8 (7d)
Version History

Dealia – Request a quote Release Timeline

Code Analysis
Analyzed Mar 17, 2026

Dealia – Request a quote Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (43 escaped)
Nonce Checks: 7
Capability Checks: 25
File Operations: 0
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

100% escaped · 43 total outputs
Attack Surface
7 unprotected

Dealia – Request a quote Attack Surface

Entry Points: 7
Unprotected: 7

AJAX Handlers: 7

auth · wp_ajax_dealia_ajax_manage_account · bootstrap.php:13
auth · wp_ajax_dealia_ajax_login · bootstrap.php:14
auth · wp_ajax_dealia_ajax_reset · bootstrap.php:15
auth · wp_ajax_dealia_ajax_refresh · bootstrap.php:16
auth · wp_ajax_dealia_save_additional_settings · bootstrap.php:17
auth · wp_ajax_dealia_get_forms · bootstrap.php:24
auth · wp_ajax_dealia_ajax_validate_and_print_legacy_button · bootstrap.php:38

WordPress Hooks: 15

action · admin_enqueue_scripts · bootstrap.php:6
action · admin_menu · bootstrap.php:11
action · admin_head · bootstrap.php:12
action · wp_enqueue_scripts · bootstrap.php:20
action · wp_head · bootstrap.php:21
action · add_meta_boxes · bootstrap.php:28
action · save_post · bootstrap.php:29
action · admin_enqueue_scripts · bootstrap.php:33
action · init · bootstrap.php:34
action · admin_footer · bootstrap.php:35
action · admin_init · bootstrap.php:36
filter · mce_external_plugins · src\Controllers\PostsController.php:68
filter · mce_buttons · src\Controllers\PostsController.php:73
filter · woocommerce_product_data_store_cpt_get_products_query · src\Services\DataFetcher.php:21
action · dealia_on_access_token_change · src\Services\DealiaApi\Integration.php:13
Maintenance & Trust

Dealia – Request a quote Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 15, 2026
PHP min version: 7.4
Downloads: 273

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Dealia – Request a quote Developer Profile

dealia

1 plugin · 0 total installs

Trust score: 83
Avg Security Score: 76/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect Dealia – Request a quote

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dealia-request-a-quote/assets/css/dealia-admin.css
/wp-content/plugins/dealia-request-a-quote/assets/css/dealia-spinner.css
Version Parameters
dealia-request-a-quote/assets/css/dealia-admin.css?ver=
dealia-request-a-quote/assets/css/dealia-spinner.css?ver=

HTML / DOM Fingerprints

CSS Classes
dealia-select2-search-field
Data Attributes
data-dealia-site-url
data-dealia-admin-url
JS Globals
dealiaConfig
REST Endpoints
/wp-json/dealia/v1/forms
/wp-json/dealia/v1/products
/wp-json/dealia/v1/quote
Shortcode Output
[dealia_quote_button]
FAQ

Frequently Asked Questions about Dealia – Request a quote