Request a Quote Form Plugin – Price Quote Request Management Made Easy Security & Risk Analysis

wordpress.org/plugins/request-a-quote

Easily collect quote requests with a customizable form and manage them in one place. Perfect for pricing inquiries, RFQs, and RFIs.

1K active installs v2.5.5 PHP + WP 4.5+ Updated Feb 25, 2026
inquiry-form, price-quote, quotation-request, quote-form, request-a-quote
Score: 92 · A · Safe
CVEs total: 7
Unpatched: 0
Last CVE: Dec 15, 2025
Safety Verdict

Is Request a Quote Form Plugin – Price Quote Request Management Made Easy Safe to Use in 2026?

Generally Safe

Score 92/100

Request a Quote Form Plugin – Price Quote Request Management Made Easy has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

7 known CVEs · Last CVE: Dec 15, 2025 · Updated 2mo ago
Risk Assessment

The "request-a-quote" plugin v2.5.5 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices with 100% of its SQL queries using prepared statements and a high percentage (84%) of properly escaped output, suggesting an effort to prevent common vulnerabilities like SQL Injection and XSS. Furthermore, the absence of unpatched CVEs and the presence of a significant number of nonce and capability checks indicate robust security considerations in many areas.

However, several concerning findings warrant attention. The plugin has a substantial attack surface with 33 entry points, and a significant portion (11) of these AJAX handlers lack authentication checks, creating potential avenues for unauthorized actions. The taint analysis revealed two high-severity flows with unsanitized paths, suggesting potential vulnerabilities if these flows are exploitable. While there are no currently unpatched CVEs, the plugin's history of 7 known vulnerabilities, including high and medium severity issues like Missing Authorization, CSRF, and XSS, points to a pattern of past security weaknesses. The use of an outdated bundled library (Select2 v3.2) also introduces potential risks.

Overall, while the plugin has made progress in certain security areas, the combination of a large unprotected attack surface, high-severity taint flows, and a history of various vulnerabilities means that careful consideration and potential remediation are necessary to ensure its security.

Key Concerns

  • 11 AJAX handlers without auth checks
  • 2 high severity taint flows
  • Bundled outdated library Select2 v3.2
  • Total 7 known CVEs in history
  • 1 high severity past CVE
  • 6 medium severity past CVEs
  • 7 flows with unsanitized paths
Vulnerabilities
7 published

Request a Quote Form Plugin – Price Quote Request Management Made Easy Security Vulnerabilities

CVEs by Year

  • 2021: 2 CVEs
  • 2022: 2 CVEs
  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

High: 1
Medium: 6

7 total CVEs

CVE-2025-64248 · medium · 4.3 · Missing Authorization

Request a Quote <= 2.5.3 - Missing Authorization

Dec 15, 2025 · Patched in 2.5.4 (5d)

CVE-2024-6231 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Request a Quote <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 2, 2024 · Patched in 2.4.1 (39d)

WF-9854d09a-2fab-46e6-9fc1-ff6d68df2662-request-a-quote · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Request a Quote <= 2.3.10 - Cross-Site Request Forgery

Jun 30, 2023 · Patched in 2.3.11 (207d)

CVE-2022-2239 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Request a Quote <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting

Jun 28, 2022 · Patched in 2.3.8 (574d)

CVE-2022-2240 · high · 8.3 · Improper Neutralization of Formula Elements in a CSV File

Request a Quote <= 2.3.8 - CSV Injection

Jun 28, 2022 · Patched in 2.3.9 (574d)

CVE-2021-24489 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Request a Quote <= 2.3.4 - Stored Cross-Site Scripting

Sep 21, 2021 · Patched in 2.3.5 (854d)

CVE-2021-24420 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Request a Quote <= 2.3.3 - Authenticated Stored Cross-Site Scripting

Jun 16, 2021 · Patched in 2.3.4 (951d)

Code Analysis
Analyzed Mar 16, 2026

Request a Quote Form Plugin – Price Quote Request Management Made Easy Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (22 prepared)
Unescaped Output: 238 (1265 escaped)
Nonce Checks: 27
Capability Checks: 23
File Operations: 2
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

preg_replace(/e) · preg_replace('/e · includes\emd-form-builder-lite\emd-form-functions.php:495
preg_replace(/e) · preg_replace('/e · includes\emd-form-builder-lite\emd-form-functions.php:516

Bundled Libraries

Select2 v3.2

SQL Query Safety

100% prepared · 22 total queries

Output Escaping

84% escaped · 1503 total outputs
Data Flows · Security
7 unsanitized

Data Flow Analysis

15 flows · 7 with unsanitized paths
emd_form_builder_lite_get_field (includes\emd-form-builder-lite\emd-form-builder.php:831)
Attack Surface
11 unprotected

Request a Quote Form Plugin – Price Quote Request Management Made Easy Attack Surface

Entry Points: 33
Unprotected: 11

AJAX Handlers 31

auth · wp_ajax_emd_insert_new_shc · includes\admin\shortcode-list-functions.php:72
auth · wp_ajax_emd_get_std_pagenum · includes\class-install-deactivate.php:55
nopriv · wp_ajax_emd_get_std_pagenum · includes\class-install-deactivate.php:56
auth · wp_ajax_emd_load_file · includes\class-install-deactivate.php:57
nopriv · wp_ajax_emd_load_file · includes\class-install-deactivate.php:58
auth · wp_ajax_emd_delete_file · includes\class-install-deactivate.php:59
nopriv · wp_ajax_emd_delete_file · includes\class-install-deactivate.php:60
auth · wp_ajax_emd_check_userEmail · includes\common-functions.php:541
auth · wp_ajax_emd_check_unique · includes\common-functions.php:570
auth · wp_ajax_emd_get_ajax_states · includes\country-functions.php:1867
nopriv · wp_ajax_emd_get_ajax_states · includes\country-functions.php:1868
auth · wp_ajax_emd_form_builder_lite_get_field · includes\emd-form-builder-lite\emd-form-builder.php:830
auth · wp_ajax_emd_form_builder_lite_get_page · includes\emd-form-builder-lite\emd-form-builder.php:1192
auth · wp_ajax_emd_form_builder_lite_get_row · includes\emd-form-builder-lite\emd-form-builder.php:1245
auth · wp_ajax_emd_form_builder_lite_save_form · includes\emd-form-builder-lite\emd-form-builder.php:1272
auth · wp_ajax_emd_form_builder_lite_get_hr · includes\emd-form-builder-lite\emd-form-builder.php:1391
auth · wp_ajax_emd_form_builder_lite_get_html · includes\emd-form-builder-lite\emd-form-builder.php:1411
auth · wp_ajax_emd_formb_lite_submit_ajax_form · includes\emd-form-builder-lite\emd-form-frontend.php:9
nopriv · wp_ajax_emd_formb_lite_submit_ajax_form · includes\emd-form-builder-lite\emd-form-frontend.php:10
nopriv · wp_ajax_emd_check_userEmail · includes\emd-form-builder-lite\emd-form-frontend.php:11
nopriv · wp_ajax_emd_check_unique · includes\emd-form-builder-lite\emd-form-frontend.php:12
nopriv · wp_ajax_emd_lite_process_login · includes\emd-form-builder-lite\emd-form-frontend.php:1931
auth · wp_ajax_emd_lite_process_login · includes\emd-form-builder-lite\emd-form-frontend.php:1932
nopriv · wp_ajax_emd_lite_verify_registration · includes\emd-form-builder-lite\emd-form-frontend.php:2019
auth · wp_ajax_emd_lite_verify_registration · includes\emd-form-builder-lite\emd-form-frontend.php:2020
auth · wp_ajax_emd_form_builder_lite_pagenum · includes\emd-form-builder-lite\emd-form-functions.php:1091
nopriv · wp_ajax_emd_form_builder_lite_pagenum · includes\emd-form-builder-lite\emd-form-functions.php:1092
nopriv · wp_ajax_emd_verify_email · includes\login-register-functions.php:106
auth · wp_ajax_emd_verify_email · includes\login-register-functions.php:107
auth · wp_ajax_request_a_quote_send_deactivate_reason · includes\plugin-feedback-functions.php:11
auth · wp_ajax_request_a_quote_show_rateme · includes\plugin-feedback-functions.php:16

Shortcodes 2

[emd_form] includes\emd-form-builder-lite\emd-form-frontend.php:400
[contact_list] includes\entities\emd-quote-shortcodes.php:56

WordPress Hooks 82

action · emd_display_settings_notify · includes\admin\class-emd-notifications.php:38
action · request_a_quote_getting_started · includes\admin\getting-started.php:9
action · request_a_quote_settings_glossary · includes\admin\glossary.php:9
action · emd_notify · includes\admin\notify-actions.php:91
action · login_redirect · includes\admin\notify-actions.php:92
filter · wp_mail_from_name · includes\admin\notify-actions.php:139
filter · wp_mail_from · includes\admin\notify-actions.php:146
action · emd_ext_register · includes\admin\settings-functions-misc.php:11
filter · emd_add_settings_tab · includes\admin\settings-functions-misc.php:12
action · emd_show_settings_tab · includes\admin\settings-functions-misc.php:13
action · emd_ext_register · includes\admin\settings-functions.php:11
action · emd_show_settings_page · includes\admin\settings-functions.php:12
action · emd_show_shortcodes_page · includes\admin\shortcode-list-functions.php:4
action · emd_create_shc_with_filters · includes\admin\shortcode-list-functions.php:53
filter · media_buttons · includes\admin\wpas-btn-functions.php:10
action · admin_footer · includes\admin\wpas-btn-functions.php:11
filter · kses_allowed_protocols · includes\admin\wpas-btn-functions.php:222
filter · posts_where · includes\class-emd-query.php:91
filter · posts_join · includes\class-emd-query.php:94
filter · emd_wp_session_cookie_secure · includes\class-emd-session.php:59
filter · emd_wp_session_cookie_httponly · includes\class-emd-session.php:60
filter · emd_wp_session_delete_batch_size · includes\class-emd-session.php:61
action · admin_init · includes\class-install-deactivate.php:21
action · wp_head · includes\class-install-deactivate.php:33
action · admin_init · includes\class-install-deactivate.php:37
action · admin_notices · includes\class-install-deactivate.php:41
action · generate_rewrite_rules · includes\class-install-deactivate.php:45
filter · query_vars · includes\class-install-deactivate.php:46
action · admin_init · includes\class-install-deactivate.php:47
action · before_delete_post · includes\class-install-deactivate.php:51
action · init · includes\class-install-deactivate.php:61
filter · tiny_mce_before_init · includes\class-install-deactivate.php:66
action · emd_ext_set_conf · includes\emd-form-builder-lite\emd-form-builder.php:12
action · emd_ext_init · includes\emd-form-builder-lite\emd-form-builder.php:22
filter · posts_where · includes\emd-form-builder-lite\emd-form-builder.php:48
action · emd_ext_admin_enq · includes\emd-form-builder-lite\emd-form-builder.php:50
action · emd_show_forms_lite_page · includes\emd-form-builder-lite\emd-form-builder.php:282
action · init · includes\emd-form-builder-lite\emd-form-frontend.php:44
filter · emd_ext_parse_tags · includes\emd-form-builder-lite\emd-form-functions.php:775
action · init · includes\emd-form-builder-lite\emd-form-functions.php:801
filter · kses_allowed_protocols · includes\emd-form-builder-lite\emd-form-functions.php:1169
action · emd_ext_register · includes\emd-form-builder-lite\settings-functions-login.php:12
filter · emd_add_settings_tab · includes\emd-form-builder-lite\settings-functions-login.php:13
action · emd_show_settings_tab · includes\emd-form-builder-lite\settings-functions-login.php:14
action · emd_ext_admin_enq · includes\emd-lite\emd-lite.php:8
filter · emd_lite_modal · includes\emd-lite\emd-lite.php:26
action · save_post · includes\entities\class-emd-entity.php:96
action · save_post · includes\entities\class-emd-entity.php:133
action · init · includes\entities\class-emd-quote.php:27
action · admin_init · includes\entities\class-emd-quote.php:31
action · save_post · includes\entities\class-emd-quote.php:35
filter · post_updated_messages · includes\entities\class-emd-quote.php:39
action · admin_menu · includes\entities\class-emd-quote.php:47
action · admin_head-edit.php · includes\entities\class-emd-quote.php:51
action · manage_emd_quote_posts_custom_column · includes\entities\class-emd-quote.php:57
filter · manage_emd_quote_posts_columns · includes\entities\class-emd-quote.php:61
filter · post_row_actions · includes\entities\class-emd-quote.php:66
action · admin_action_emd_duplicate_entity · includes\entities\class-emd-quote.php:70
action · admin_notices · includes\entities\class-emd-quote.php:479
filter · the_title · includes\entities\class-emd-quote.php:510
action · wp_footer · includes\entities\emd-quote-shortcodes.php:69
filter · widget_text · includes\entities\emd-quote-shortcodes.php:78
filter · widget_text · includes\entities\emd-quote-shortcodes.php:79
filter · emd_show_temp_sidebar · includes\layout-functions.php:166
action · emd_sidebar · includes\layout-functions.php:196
action · widgets_init · includes\layout-functions.php:213
filter · emd_show_temp_navigation · includes\layout-functions.php:290
filter · emd_show_single_edit_link · includes\layout-functions.php:320
filter · emd_change_container · includes\layout-functions.php:332
filter · emd_get_login_register_option_for_views · includes\login-register-functions.php:8
action · emd_show_login_register_forms · includes\login-register-functions.php:22
filter · plugin_row_meta · includes\plugin-feedback-functions.php:9
filter · plugin_action_links · includes\plugin-feedback-functions.php:10
action · admin_footer · includes\plugin-feedback-functions.php:14
action · admin_notices · includes\plugin-feedback-functions.php:17
action · admin_post_request-a-quote_check_optin · includes\plugin-feedback-functions.php:18
action · admin_enqueue_scripts · includes\scripts.php:9
action · wp_enqueue_scripts · includes\scripts.php:135
action · admin_print_footer_scripts · includes\scripts.php:198
filter · the_content · request-a-quote.php:58
action · admin_menu · request-a-quote.php:62
filter · template_include · request-a-quote.php:66

Maintenance & Trust

Request a Quote Form Plugin – Price Quote Request Management Made Easy Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version
Downloads: 96K

Community Trust

Rating: 96/100
Number of ratings: 43
Active installs: 1K
Developer Profile

Request a Quote Form Plugin – Price Quote Request Management Made Easy Developer Profile

emarket-design

10 plugins · 4K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 247 days
Detection Fingerprints

How We Detect Request a Quote Form Plugin – Price Quote Request Management Made Easy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/request-a-quote/assets/css/request-a-quote.css
  • /wp-content/plugins/request-a-quote/assets/css/emd-form-builder-lite.css
  • /wp-content/plugins/request-a-quote/assets/css/emd-lite.css
  • /wp-content/plugins/request-a-quote/assets/js/request-a-quote.js
  • /wp-content/plugins/request-a-quote/assets/js/emd-form-builder-lite.js
  • /wp-content/plugins/request-a-quote/assets/js/emd-lite.js
  • /wp-content/plugins/request-a-quote/includes/admin/wpas-btn-functions.php
Script Paths
  • /wp-content/plugins/request-a-quote/assets/js/request-a-quote.js
  • /wp-content/plugins/request-a-quote/assets/js/emd-form-builder-lite.js
  • /wp-content/plugins/request-a-quote/assets/js/emd-lite.js
Version Parameters
  • request-a-quote/assets/css/request-a-quote.css?ver=
  • request-a-quote/assets/css/emd-form-builder-lite.css?ver=
  • request-a-quote/assets/css/emd-lite.css?ver=
  • request-a-quote/assets/js/request-a-quote.js?ver=
  • request-a-quote/assets/js/emd-form-builder-lite.js?ver=
  • request-a-quote/assets/js/emd-lite.js?ver=

HTML / DOM Fingerprints

CSS Classes
emd-request-a-quote-form
HTML Comments
<!-- emd_quote --> <!-- emd_quote_list --> <!-- emd_quote_edit --> <!-- emd_quote_thankyou --> (+1 more)
Data Attributes
data-emd-form-id, data-entity
JS Globals
emd_quote_obj
REST Endpoints
  • /wp-json/request-a-quote/v1/forms
  • /wp-json/request-a-quote/v1/quotes
  • /wp-json/request-a-quote/v1/settings
Shortcode Output
[emd_quote] [emd_quote_list] [emd_quote_edit] [emd_quote_thankyou]
FAQ

Frequently Asked Questions about Request a Quote Form Plugin – Price Quote Request Management Made Easy