WP-Safety

PSM Request a Quote for WooCommerce Security & Risk Analysis

wordpress.org/plugins/psm-request-a-quote

Allow customers to request a quote for WooCommerce products with ease.

0 active installs v1.0.0 PHP 7.4+ WP 5.8+ Updated Mar 5, 2026
quoterequest-a-quoterequest-a-quote-buttonwoocommerce-request-a-quote-shortcodewoocommerce-request-for-quote
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is PSM Request a Quote for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

PSM Request a Quote for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 29d ago
Risk Assessment

The "psm-request-a-quote" v1.0.0 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices by avoiding dangerous functions, utilizing prepared statements for all SQL queries, and ensuring 100% proper output escaping. Furthermore, there is no recorded history of vulnerabilities, which is a significant strength. However, a notable concern arises from the substantial attack surface, with 17 out of 41 total entry points lacking authentication or permission checks. This includes a significant number of unprotected REST API routes. While taint analysis did not reveal any immediate vulnerabilities, the presence of numerous unprotected entry points creates a fertile ground for potential exploitation if specific logical flaws are discovered in the future. The lack of documented vulnerabilities is encouraging but does not entirely mitigate the risks presented by the exposed entry points.

In conclusion, the plugin has a solid foundation in secure coding principles, particularly regarding SQL and output handling. The absence of known vulnerabilities is a strong indicator of developer diligence or fortunate circumstances. Nevertheless, the significant number of unprotected entry points, especially within the REST API, represents a considerable risk that could be exploited through other means. Addressing these exposed entry points should be a priority to improve the plugin's overall security, even in the absence of immediate exploitable flaws.

Key Concerns

  • REST API routes without permission callbacks
  • AJAX handlers without auth checks
Vulnerabilities
None known

PSM Request a Quote for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

PSM Request a Quote for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
308 escaped
Nonce Checks
7
Capability Checks
13
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped309 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<Textarea> (includes\Controllers\FormFields\Textarea.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
17 unprotected

PSM Request a Quote for WooCommerce Attack Surface

Entry Points41
Unprotected17

AJAX Handlers 14

authwp_ajax_psmraq_add_to_quoteincludes\Ajax\AddToQuote.php:24
noprivwp_ajax_psmraq_add_to_quoteincludes\Ajax\AddToQuote.php:25
authwp_ajax_psmraq_remove_from_quoteincludes\Ajax\AddToQuote.php:28
noprivwp_ajax_psmraq_remove_from_quoteincludes\Ajax\AddToQuote.php:29
authwp_ajax_psmraq_update_quoteincludes\Ajax\AddToQuote.php:32
noprivwp_ajax_psmraq_update_quoteincludes\Ajax\AddToQuote.php:33
authwp_ajax_psmraq_clear_quote_listincludes\Ajax\AddToQuote.php:36
noprivwp_ajax_psmraq_clear_quote_listincludes\Ajax\AddToQuote.php:37
authwp_ajax_psmraq_get_quote_listincludes\Ajax\AddToQuote.php:40
noprivwp_ajax_psmraq_get_quote_listincludes\Ajax\AddToQuote.php:41
authwp_ajax_psmraq_add_new_quote_requestincludes\Ajax\QuoteRequest.php:23
noprivwp_ajax_psmraq_add_new_quote_requestincludes\Ajax\QuoteRequest.php:24
authwp_ajax_psmraq_request_quoteincludes\Ajax\RequestAQuote.php:22
noprivwp_ajax_psmraq_request_quoteincludes\Ajax\RequestAQuote.php:23

REST API Routes 26

GET/wp-json/psmfr/v1/pagesframework\includes\rest-api\class-psmfr-rest-pages.php:23
GET/wp-json/psmfr/v1/settingsframework\includes\rest-api\class-psmfr-rest-settings.php:23
POST/wp-json/psmfr/v1/settings/resetframework\includes\rest-api\class-psmfr-rest-settings.php:76
GET/wp-json/psmfr/v1/timezonesframework\includes\rest-api\class-psmfr-rest-timezones.php:24
GET/wp-json/psmfr/v1/user-rolesframework\includes\rest-api\class-psmfr-rest-user-roles.php:27
GET/wp-json/psmfr/v1/woo-countriesframework\includes\rest-api\class-psmfr-rest-woo-countries.php:24
GET/wp-json/psmfr/v1/woo-statesframework\includes\rest-api\class-psmfr-rest-woo-countries.php:35
GET/wp-json/psmraq/v1/my-quotesincludes\RestAPIs\Quote\MyQuotes.php:30
GET/wp-json/psmraq/v1/my-quotes/(?P<order_id>\d+)includes\RestAPIs\Quote\MyQuotes.php:48
POST/wp-json/psmraq/v1/my-quotes/(?P<order_id>\d+)/rejectincludes\RestAPIs\Quote\MyQuotes.php:63
POST/wp-json/psmraq/v1/quote/(?P<order_id>\d+)/upload-filesincludes\RestAPIs\Quote\Quote.php:29
GET/wp-json/psmraq/v1/quote-options/(?P<order_id>\d+)includes\RestAPIs\Quote\QuoteOptions.php:34
POST/wp-json/psmraq/v1/quote-options/(?P<order_id>\d+)/send-test-emailincludes\RestAPIs\Quote\QuoteOptions.php:61
POST/wp-json/psmraq/v1/quote-options/(?P<order_id>\d+)/send-quoteincludes\RestAPIs\Quote\QuoteOptions.php:80
GET/wp-json/psmraq/v1/quote-request/(?P<order_id>\d+)includes\RestAPIs\Quote\QuoteRequest.php:33
GET/wp-json/psmraq/v1/settings/appearanceincludes\RestAPIs\Settings\Appearance.php:35
GET/wp-json/psmraq/v1/settings/appearance/defaultsincludes\RestAPIs\Settings\Appearance.php:62
GET/wp-json/psmraq/v1/settings/form-fieldsincludes\RestAPIs\Settings\Form.php:39
GET/wp-json/psmraq/v1/settings/form-fields/(?P<name>[a-zA-Z0-9]+)includes\RestAPIs\Settings\Form.php:51
POST/wp-json/psmraq/v1/settings/form-fields/reorderincludes\RestAPIs\Settings\Form.php:68
GET/wp-json/psmraq/v1/settings/generalincludes\RestAPIs\Settings\General.php:36
GET/wp-json/psmraq/v1/settings/general/defaultsincludes\RestAPIs\Settings\General.php:62
GET/wp-json/psmraq/v1/settings/page-settingsincludes\RestAPIs\Settings\Page.php:36
GET/wp-json/psmraq/v1/settings/page-settings/defaultsincludes\RestAPIs\Settings\Page.php:157
GET/wp-json/psmraq/v1/settings/quoteincludes\RestAPIs\Settings\Quote.php:33
GET/wp-json/psmraq/v1/settings/quote/defaultsincludes\RestAPIs\Settings\Quote.php:55

Shortcodes 1

[psmraq] includes\Frontend\Shortcode.php:119
WordPress Hooks 79
actionadmin_menuframework\includes\class-psmfr-admin.php:19
actionadmin_enqueue_scriptsframework\includes\class-psmfr-admin.php:22
actionadmin_enqueue_scriptsframework\includes\class-psmfr-admin.php:25
filteradmin_body_classframework\includes\class-psmfr-admin.php:110
actionwp_enqueue_scriptsframework\includes\class-psmfr-frontend.php:19
actionwp_enqueue_scriptsframework\includes\class-psmfr-frontend.php:22
actioninitframework\includes\class-psmfr-installation.php:44
actioninitframework\includes\class-psmfr-installation.php:46
actionrest_api_initframework\includes\rest-api\class-psmfr-rest-pages.php:14
actionrest_api_initframework\includes\rest-api\class-psmfr-rest-settings.php:14
actionrest_api_initframework\includes\rest-api\class-psmfr-rest-timezones.php:14
actionrest_api_initframework\includes\rest-api\class-psmfr-rest-user-roles.php:14
actionrest_api_initframework\includes\rest-api\class-psmfr-rest-woo-countries.php:14
filterpsmfr_js_objectincludes\Admin\Actions.php:21
actionadd_meta_boxesincludes\Admin\Order.php:36
actionadmin_enqueue_scriptsincludes\Admin\Order.php:37
filterpsmplugins_admin_submenusincludes\Admin\SettingsPage.php:22
actionadmin_enqueue_scriptsincludes\Admin\SettingsPage.php:25
filteradmin_body_classincludes\Admin\SettingsPage.php:64
actionwoocommerce_order_status_changedincludes\Controllers\Cron\QuoteExpiry.php:22
actionpsmraq_quote_options_updatedincludes\Controllers\Cron\QuoteExpiry.php:23
actionpsmraq_send_quoteincludes\Controllers\Cron\QuoteExpiry.php:26
actionpsmraq_execute_quote_expiryincludes\Controllers\Cron\QuoteExpiry.php:29
filterwoocommerce_email_classesincludes\Controllers\Emails\AcceptQuoteRequest\Actions.php:19
actionpsmraq_quote_acceptedincludes\Controllers\Emails\AcceptQuoteRequest\Actions.php:22
filterwoocommerce_email_classesincludes\Controllers\Emails\NewQuoteRequest\Actions.php:19
actionpsmraq_new_quote_requestincludes\Controllers\Emails\NewQuoteRequest\Actions.php:22
filterwoocommerce_email_classesincludes\Controllers\Emails\NewQuoteRequestConfirmation\Actions.php:19
actionpsmraq_new_quote_requestincludes\Controllers\Emails\NewQuoteRequestConfirmation\Actions.php:22
filterwoocommerce_email_classesincludes\Controllers\Emails\QuoteExpired\Actions.php:21
actionpsmraq_quote_expiredincludes\Controllers\Emails\QuoteExpired\Actions.php:24
filterwoocommerce_email_classesincludes\Controllers\Emails\RejectQuoteRequest\Actions.php:21
actionpsmraq_quote_rejectedincludes\Controllers\Emails\RejectQuoteRequest\Actions.php:24
filterwoocommerce_email_classesincludes\Controllers\Emails\SendQuote\Actions.php:19
actionpsmraq_send_quote_test_emailincludes\Controllers\Emails\SendQuote\Actions.php:22
actionpsmraq_send_quoteincludes\Controllers\Emails\SendQuote\Actions.php:25
actionpsmraq_email_quote_request_summaryincludes\Controllers\Emails\TemplateParts.php:22
actionpsmraq_email_quote_summaryincludes\Controllers\Emails\TemplateParts.php:25
actionpsmraq_email_quote_action_linksincludes\Controllers\Emails\TemplateParts.php:28
actionpsmraq_email_customer_detailsincludes\Controllers\Emails\TemplateParts.php:31
actioninitincludes\Controllers\WooStatuses.php:20
filterwc_order_statusesincludes\Controllers\WooStatuses.php:23
filterwc_order_is_editableincludes\Controllers\WooStatuses.php:26
actionadmin_enqueue_scriptsincludes\Controllers\WooStatuses.php:29
actionpsmraq_send_quoteincludes\Controllers\WooStatuses.php:32
actionpsmraq_quote_rejectedincludes\Controllers\WooStatuses.php:35
actionpsmraq_quote_expiredincludes\Controllers\WooStatuses.php:38
filterpsmfr_js_objectincludes\Frontend\Actions.php:18
actionwp_enqueue_scriptsincludes\Frontend\AddToQuote.php:22
actionwoocommerce_before_single_productincludes\Frontend\AddToQuote.php:23
filterwoocommerce_loop_add_to_cart_linkincludes\Frontend\AddToQuote.php:26
filterwoocommerce_get_price_htmlincludes\Frontend\AddToQuote.php:31
actionwoocommerce_add_to_cartincludes\Frontend\AddToQuote.php:36
filterwc_add_to_cart_message_htmlincludes\Frontend\AddToQuote.php:37
actionwoocommerce_single_product_summaryincludes\Frontend\AddToQuote.php:228
actionwoocommerce_after_add_to_cart_buttonincludes\Frontend\AddToQuote.php:241
actionwoocommerce_after_add_to_cart_buttonincludes\Frontend\AddToQuote.php:250
actionwoocommerce_product_meta_startincludes\Frontend\AddToQuote.php:258
actioninitincludes\Frontend\MyQuotes.php:24
filterwoocommerce_get_query_varsincludes\Frontend\MyQuotes.php:27
filterwoocommerce_account_menu_itemsincludes\Frontend\MyQuotes.php:30
actionwp_enqueue_scriptsincludes\Frontend\MyQuotes.php:36
actionwoocommerce_after_register_post_typeincludes\Frontend\Shortcode.php:57
actioninitincludes\Frontend\Shortcode.php:58
actionwp_enqueue_scriptsincludes\Frontend\Shortcode.php:59
actioninitincludes\Installation\Autoloader.php:48
actioninitincludes\Installation\Autoloader.php:50
actionrest_api_initincludes\RestAPIs\Quote\MyQuotes.php:20
actionrest_api_initincludes\RestAPIs\Quote\Quote.php:18
actionrest_api_initincludes\RestAPIs\Quote\QuoteOptions.php:23
actionrest_api_initincludes\RestAPIs\Quote\QuoteRequest.php:22
actionrest_api_initincludes\RestAPIs\Settings\Appearance.php:18
actionrest_api_initincludes\RestAPIs\Settings\Form.php:21
actionrest_api_initincludes\RestAPIs\Settings\General.php:20
actionrest_api_initincludes\RestAPIs\Settings\Page.php:20
actionrest_api_initincludes\RestAPIs\Settings\Quote.php:17
actionplugins_loadedpsm-request-a-quote.php:43
filterplugin_row_metapsm-request-a-quote.php:45
filterafter_switch_themepsm-request-a-quote.php:46

Scheduled Events 1

psmraq_execute_quote_expiry
Maintenance & Trust

PSM Request a Quote for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 5, 2026
PHP min version7.4
Downloads137

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

PSM Request a Quote for WooCommerce Alternatives

YITH Request a Quote for WooCommerce

YITH Request a Quote for WooCommerce

yith-woocommerce-request-a-quote

A
93

The YITH Request a Quote for WooCommerce plugin lets your customers ask for an estimate of a list of products they are interested into.

10K 3 CVEs
Appsila WooQuote

Appsila WooQuote

appsila-wooquote

A
85

Appsila WooQuote is a plugin that enables your customers send quote requests from your woocommerce shop which will then be tracked in a full functiona &hellip;

0 No CVEs
Request a Quote for WooCommerce – Get a Quote Button – Product Enquiry Form Popup – Product Quotation

Request a Quote for WooCommerce – Get a Quote Button – Product Enquiry Form Popup – Product Quotation

get-a-quote-button-for-woocommerce

A
98

Request a Quote for WooCommerce and Elementor plugin shows a Contact Form 7 or WPForms popup on button click. Quote for WooCommerce, price on request.

6K 1 CVE
ELEX WooCommerce Request a Quote

ELEX WooCommerce Request a Quote

elex-request-a-quote

B
79

ELEX Request a Quote plugin allows your customers to add products to a quote list, fill out a form, and request a custom price.

2K 1 unpatched
B2B Request a Quote

B2B Request a Quote

woo-add-to-quote

A
100

Add B2B quote requests to WooCommerce. Let your customers request, manage, and negotiate quotes comfortably to boost B2B sales on your WordPress site.

80 No CVEs
Developer Profile

PSM Request a Quote for WooCommerce Developer Profile

PSM Plugins

3 plugins · 10K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
413 days
View full developer profile
Detection Fingerprints

How We Detect PSM Request a Quote for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/psm-request-a-quote/assets/css/psm-request-a-quote-frontend.css/wp-content/plugins/psm-request-a-quote/assets/css/psm-request-a-quote-admin.css/wp-content/plugins/psm-request-a-quote/assets/js/psm-request-a-quote-frontend.js/wp-content/plugins/psm-request-a-quote/assets/js/psm-request-a-quote-admin.js
Script Paths
/wp-content/plugins/psm-request-a-quote/assets/js/psm-request-a-quote-frontend.js/wp-content/plugins/psm-request-a-quote/assets/js/psm-request-a-quote-admin.js
Version Parameters
psm-request-a-quote/assets/css/psm-request-a-quote-frontend.css?ver=psm-request-a-quote/assets/css/psm-request-a-quote-admin.css?ver=psm-request-a-quote/assets/js/psm-request-a-quote-frontend.js?ver=psm-request-a-quote/assets/js/psm-request-a-quote-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
psm-request-a-quote-button
Data Attributes
data-psm-quote-button
JS Globals
psm_request_a_quote_params
Shortcode Output
[psm_quote_button]
FAQ

Frequently Asked Questions about PSM Request a Quote for WooCommerce