WP-Safety

ELEX WooCommerce Request a Quote Security & Risk Analysis

wordpress.org/plugins/elex-request-a-quote

ELEX Request a Quote plugin allows your customers to add products to a quote list, fill out a form, and request a custom price.

2K active installs v2.3.9 PHP + WP 3.0.1+ Updated Feb 12, 2026
quote-requestrequest-a-quote-buttonrequest-a-quote-shortcoderequest-for-quotewoocommerce-request-a-quote
79
B · Generally Safe
CVEs total1
Unpatched1
Last CVEMar 31, 2025
Plugin page Download
Safety Verdict

Is ELEX WooCommerce Request a Quote Safe to Use in 2026?

Mostly Safe

Score 79/100

ELEX WooCommerce Request a Quote is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Mar 31, 2025Updated 1mo ago
Risk Assessment

The elex-request-a-quote plugin v2.3.9 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for a high percentage of SQL queries and properly escaping a significant portion of its outputs. The absence of REST API routes and cron events also reduces the attack surface. However, the presence of 26 AJAX handlers with no explicit authentication checks is a significant concern, as is the identified vulnerability history which points to a pattern of missing authorization. The taint analysis, while limited in scope, did reveal unsanitized paths, indicating potential for exploitation if these paths are exposed to untrusted input.

The vulnerability history, particularly the unpatched medium severity CVE and the commonality of missing authorization, strongly suggests that authorization checks are a recurring weakness in this plugin. The taint analysis, highlighting unsanitized paths, further reinforces the concern about how external data is handled. While the plugin implements many security best practices, the identified vulnerabilities and potential for unauthorized access through AJAX handlers are substantial risks that require immediate attention. The plugin needs to address the missing authorization checks and ensure all entry points are adequately secured against unauthorized access.

Key Concerns

  • Unpatched CVE (Medium Severity)
  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
  • No capability checks found
Vulnerabilities
1

ELEX WooCommerce Request a Quote Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-31406medium · 4.3Missing Authorization

ELEX WooCommerce Request a Quote <= 2.3.5 - Missing Authorization

Mar 31, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

ELEX WooCommerce Request a Quote Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
20 prepared
Unescaped Output
89
340 escaped
Nonce Checks
41
Capability Checks
0
File Operations
15
External Requests
3
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

87% prepared23 total queries

Output Escaping

79% escaped429 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
elex_raq_add_order_comments (src\Quotelist\Models\QuoteListModel.php:978)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

ELEX WooCommerce Request a Quote Attack Surface

Entry Points28
Unprotected0

AJAX Handlers 26

authwp_ajax_req_frm_add_fieldsrc\FormSetting\FormSettingController.php:20
authwp_ajax_req_frm_edit_fieldsrc\FormSetting\FormSettingController.php:21
authwp_ajax_req_frm_toggle_fieldsrc\FormSetting\FormSettingController.php:23
authwp_ajax_req_frm_delete_fieldsrc\FormSetting\FormSettingController.php:24
authwp_ajax_req_frm_submitsrc\FormSetting\FormSettingController.php:25
noprivwp_ajax_req_frm_submitsrc\FormSetting\FormSettingController.php:26
authwp_ajax_elex_raq_rearrange_fieldssrc\FormSetting\FormSettingController.php:28
authwp_ajax_elex_raq_save_form_settings_datasrc\FormSetting\FormSettingController.php:29
authwp_ajax_elex_raq_submit_formsrc\Quotelist\QuoteListController.php:47
noprivwp_ajax_elex_raq_submit_formsrc\Quotelist\QuoteListController.php:48
authwp_ajax_elex_raq_add_to_quotesrc\Quotelist\QuoteListController.php:50
noprivwp_ajax_elex_raq_add_to_quotesrc\Quotelist\QuoteListController.php:51
authwp_ajax_elex_raq_update_quantitysrc\Quotelist\QuoteListController.php:53
noprivwp_ajax_elex_raq_update_quantitysrc\Quotelist\QuoteListController.php:54
authwp_ajax_elex_raq_delete_itemsrc\Quotelist\QuoteListController.php:57
noprivwp_ajax_elex_raq_delete_itemsrc\Quotelist\QuoteListController.php:58
authwp_ajax_elex_raq_clear_listsrc\Quotelist\QuoteListController.php:60
noprivwp_ajax_elex_raq_clear_listsrc\Quotelist\QuoteListController.php:61
authwp_ajax_elex_raq_update_quote_listsrc\Quotelist\QuoteListController.php:63
noprivwp_ajax_elex_raq_update_quote_listsrc\Quotelist\QuoteListController.php:64
authwp_ajax_get_the_quote_listsrc\Quotelist\QuoteListController.php:67
noprivwp_ajax_get_the_quote_listsrc\Quotelist\QuoteListController.php:68
authwp_ajax_search_products_by_namesrc\Settings\SettingsController.php:28
authwp_ajax_search_products_by_categorysrc\Settings\SettingsController.php:29
authwp_ajax_search_products_by_tagsrc\Settings\SettingsController.php:30
authwp_ajax_search_user_rolesrc\Settings\SettingsController.php:31

Shortcodes 2

[elex_quote_request_list] src\Quotelist\QuoteListController.php:70
[elex_quote_received_page] src\Quotelist\QuoteListController.php:71
WordPress Hooks 80
actionadmin_noticesclass-elex-request-a-quote.php:43
actionplugins_loadedclass-elex-request-a-quote.php:137
actionbefore_woocommerce_initclass-elex-request-a-quote.php:141
actionadmin_noticesreview_and_troubleshoot_notify\review-and-troubleshoot-notify-class.php:20
actionadmin_initreview_and_troubleshoot_notify\review-and-troubleshoot-notify-class.php:21
actioninitsrc\create_order_status.php:9
filterwc_order_statusessrc\create_order_status.php:47
filterwoocommerce_valid_order_statuses_for_paymentsrc\create_order_status.php:67
filterwoocommerce_valid_order_statuses_for_cancelsrc\create_order_status.php:68
filterwc_order_is_editablesrc\create_order_status.php:80
actionreq_settings_tab_formsrc\FormSetting\FormSettingController.php:18
actionsettings_saving_formsrc\FormSetting\FormSettingController.php:27
actionreq_settings_tab_faqssrc\HelpAndSupport\HelpAndSupportController.php:12
actionreq_settings_tab_ticketsrc\HelpAndSupport\HelpAndSupportController.php:13
actionadmin_initsrc\HelpAndSupport\HelpAndSupportController.php:14
actionreq_settings_tab_notificationsrc\Notification\NotificationController.php:17
actionreq_settings_tab_notification_generalsrc\Notification\NotificationController.php:18
actionreq_settings_tab_notification_googlechatsrc\Notification\NotificationController.php:19
actionreq_settings_tab_notification_smssrc\Notification\NotificationController.php:20
filtersettings_saving_notification_generalsrc\Notification\NotificationController.php:22
filtersettings_saving_notification_googlechatsrc\Notification\NotificationController.php:23
filtersettings_saving_notification_smssrc\Notification\NotificationController.php:24
actionwoocommerce_order_status_quote-requestedsrc\Notification\NotificationController.php:26
actionwoocommerce_order_status_quote-requestedsrc\Notification\NotificationController.php:27
actionwoocommerce_order_status_quote-rejectedsrc\Notification\NotificationController.php:28
actionwoocommerce_order_status_quote-approvedsrc\Notification\NotificationController.php:29
actioninitsrc\Notification\NotificationController.php:30
actionwoocommerce_order_status_quote-requestedsrc\Notification\NotificationController.php:32
actionwoocommerce_order_status_quote-requestedsrc\Notification\NotificationController.php:33
actionwpcf7_before_send_mailsrc\Notification\NotificationController.php:48
actionreq_settings_tab_listpagesrc\Quotelist\ListPageController.php:17
actionreq_settings_tab_additionalsrc\Quotelist\ListPageController.php:18
filtersettings_saving_listpagesrc\Quotelist\ListPageController.php:21
filtersettings_saving_additionalsrc\Quotelist\ListPageController.php:22
filterwoocommerce_variable_sale_price_htmlsrc\Quotelist\Models\QuoteListModel.php:643
filterwoocommerce_variable_price_htmlsrc\Quotelist\Models\QuoteListModel.php:645
filterwoocommerce_get_price_htmlsrc\Quotelist\Models\QuoteListModel.php:647
actionwoocommerce_after_shop_loop_item_titlesrc\Quotelist\QuoteListController.php:36
actionwoocommerce_after_shop_loop_itemsrc\Quotelist\QuoteListController.php:38
actionwoocommerce_after_shop_loop_itemsrc\Quotelist\QuoteListController.php:41
actioninitsrc\Quotelist\QuoteListController.php:45
actionwoocommerce_product_meta_startsrc\Quotelist\QuoteListController.php:74
actionawb_after_woo_add_to_cart_contentsrc\Quotelist\QuoteListController.php:79
actionwoocommerce_after_add_to_cart_formsrc\Quotelist\QuoteListController.php:82
actionwoocommerce_product_meta_startsrc\Quotelist\QuoteListController.php:83
actionwoocommerce_after_single_product_summarysrc\Quotelist\QuoteListController.php:86
actionwoocommerce_after_add_to_cart_formsrc\Quotelist\QuoteListController.php:92
actionwoocommerce_product_meta_startsrc\Quotelist\QuoteListController.php:93
actionwoocommerce_single_product_summarysrc\Quotelist\QuoteListController.php:97
filterwoocommerce_loop_add_to_cart_linksrc\Quotelist\QuoteListController.php:100
filterwoocommerce_before_add_to_cart_formsrc\Quotelist\QuoteListController.php:103
actionwoocommerce_single_product_summarysrc\Quotelist\QuoteListController.php:105
filterwoocommerce_variable_sale_price_htmlsrc\Quotelist\QuoteListController.php:109
filterwoocommerce_variable_price_htmlsrc\Quotelist\QuoteListController.php:111
filterwoocommerce_get_price_htmlsrc\Quotelist\QuoteListController.php:113
actionadd_meta_boxessrc\Quotelist\QuoteListController.php:116
actionrest_api_initsrc\Quotelist\QuoteListController.php:119
actionloop_startsrc\Quotelist\QuoteListController.php:125
actionwoocommerce_single_variationsrc\Quotelist\QuoteListController.php:682
actionadmin_initsrc\RequestAQuote.php:35
actioninitsrc\RequestAQuote.php:37
actionwp_enqueue_scriptssrc\RequestAQuote.php:38
actioninitsrc\RequestAQuote.php:40
actionwidgets_initsrc\RequestAQuote.php:42
actionelementor/widgets/registersrc\RequestAQuote.php:44
actionwpsrc\RequestAQuote.php:46
actionwoocommerce_initsrc\RequestAQuote.php:48
actioninitsrc\RequestAQuote.php:69
actionadmin_menusrc\RequestAQuote.php:435
actionreq_settings_tab_generalsrc\Settings\SettingsController.php:19
actionreq_settings_tab_go_premiumsrc\Settings\SettingsController.php:24
actionreq_settings_tab_hide_cartsrc\Settings\SettingsController.php:26
filtersettings_saving_generalsrc\Settings\SettingsController.php:33
filtersettings_saving_hide_cartsrc\Settings\SettingsController.php:34
actionreq_settings_tab_buttonsrc\Settings\SettingsController.php:36
filtercomments_clausessrc\TemplateSetting\Models\TemplateModel.php:522
actionreq_settings_tab_templatesrc\TemplateSetting\TemplateController.php:15
filtersettings_saving_templatesrc\TemplateSetting\TemplateController.php:17
actionreq_settings_tab_widgetsrc\Widget\WidgetController.php:12
filtersettings_saving_widgetsrc\Widget\WidgetController.php:13
Maintenance & Trust

ELEX WooCommerce Request a Quote Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 12, 2026
PHP min version
Downloads58K

Community Trust

Rating94/100
Number of ratings23
Active installs2K
Alternatives

ELEX WooCommerce Request a Quote Alternatives

YITH Request a Quote for WooCommerce

YITH Request a Quote for WooCommerce

yith-woocommerce-request-a-quote

A
93

The YITH Request a Quote for WooCommerce plugin lets your customers ask for an estimate of a list of products they are interested into.

10K 3 CVEs
Appsila WooQuote

Appsila WooQuote

appsila-wooquote

A
85

Appsila WooQuote is a plugin that enables your customers send quote requests from your woocommerce shop which will then be tracked in a full functiona &hellip;

0 No CVEs
PSM Request a Quote for WooCommerce

PSM Request a Quote for WooCommerce

psm-request-a-quote

A
100

Allow customers to request a quote for WooCommerce products with ease.

0 No CVEs
Request a Quote for WooCommerce – Get a Quote Button – Product Enquiry Form Popup – Product Quotation

Request a Quote for WooCommerce – Get a Quote Button – Product Enquiry Form Popup – Product Quotation

get-a-quote-button-for-woocommerce

A
98

Request a Quote for WooCommerce and Elementor plugin shows a Contact Form 7 or WPForms popup on button click. Quote for WooCommerce, price on request.

6K 1 CVE
Request a Quote Pro by Aavoya

Request a Quote Pro by Aavoya

request-a-quote-pro-by-aavoya

A
85

Request a Quote Pro by Aavoya WooCommerce plugin enables your customers query for an estimate of a list of products they are interested.

0 No CVEs
Developer Profile

ELEX WooCommerce Request a Quote Developer Profile

ELEXtensions

22 plugins · 28K total installs

87
trust score
Avg Security Score
98/100
Avg Patch Time
53 days
View full developer profile
Detection Fingerprints

How We Detect ELEX WooCommerce Request a Quote

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/elex-request-a-quote/assets/css/elex-request-a-quote.css/wp-content/plugins/elex-request-a-quote/assets/js/elex-request-a-quote-script.js/wp-content/plugins/elex-request-a-quote/assets/js/jquery.validate.min.js/wp-content/plugins/elex-request-a-quote/assets/js/jquery.bootstrap.min.js/wp-content/plugins/elex-request-a-quote/assets/css/bootstrap.min.css/wp-content/plugins/elex-request-a-quote/assets/css/elex-request-a-quote-custom.css
Script Paths
/wp-content/plugins/elex-request-a-quote/assets/js/elex-request-a-quote-script.js/wp-content/plugins/elex-request-a-quote/assets/js/jquery.validate.min.js/wp-content/plugins/elex-request-a-quote/assets/js/jquery.bootstrap.min.js
Version Parameters
elex-request-a-quote/assets/css/elex-request-a-quote.css?ver=elex-request-a-quote/assets/js/elex-request-a-quote-script.js?ver=elex-request-a-quote/assets/js/jquery.validate.min.js?ver=elex-request-a-quote/assets/js/jquery.bootstrap.min.js?ver=elex-request-a-quote/assets/css/bootstrap.min.css?ver=elex-request-a-quote/assets/css/elex-request-a-quote-custom.css?ver=

HTML / DOM Fingerprints

CSS Classes
elex-raq-quote-buttonelex-raq-add-to-quoteelex-raq-remove-from-quoteelex-raq-quote-request-formelex-raq-custom-form-fieldelex-raq-custom-form-labelelex-raq-custom-form-inputelex-raq-custom-form-textarea+6 more
Data Attributes
data-quote-item-iddata-quote-iddata-product-iddata-user-iddata-session-key
JS Globals
elex_raq_vars
REST Endpoints
/wp-json/elex-request-a-quote/v1/add_to_quote/wp-json/elex-request-a-quote/v1/remove_from_quote/wp-json/elex-request-a-quote/v1/update_quote_item_quantity/wp-json/elex-request-a-quote/v1/submit_quote_request
Shortcode Output
[elex_request_a_quote_button][elex_request_quote_form][elex_quote_list]
FAQ

Frequently Asked Questions about ELEX WooCommerce Request a Quote