WP-Safety

Request a Quote Pro by Aavoya Security & Risk Analysis

wordpress.org/plugins/request-a-quote-pro-by-aavoya

Request a Quote Pro by Aavoya WooCommerce plugin enables your customers query for an estimate of a list of products they are interested.

0 active installs v2022.11 PHP 7.3.0+ WP 4.7+ Updated Nov 3, 2022
ecommerceformpopupwoocommercewoocommerce-request-a-quote-shortcode
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Request a Quote Pro by Aavoya Safe to Use in 2026?

Generally Safe

Score 85/100

Request a Quote Pro by Aavoya has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The 'request-a-quote-pro-by-aavoya' v2022.11 plugin exhibits a concerning security posture primarily due to a large number of unprotected AJAX handlers. While the plugin demonstrates good practices in other areas such as using prepared statements for SQL queries and a high percentage of properly escaped output, the sheer volume of entry points without proper authentication checks creates a significant attack surface. The taint analysis reveals several flows with unsanitized paths, including a concerning number of high severity issues. This suggests that user-supplied data, if not properly validated and sanitized before being used in these flows, could lead to exploitable vulnerabilities, despite the lack of recorded CVEs. The absence of known vulnerabilities in its history is a positive sign, but it does not negate the risks identified in the static and taint analysis of the current version.

Key Concerns

  • Large attack surface without auth checks
  • High severity taint flows with unsanitized paths
  • Use of unserialize function
  • Missing nonce checks on AJAX handlers
  • Limited capability checks
Vulnerabilities
None known

Request a Quote Pro by Aavoya Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Request a Quote Pro by Aavoya Code Analysis

Dangerous Functions
24
Raw SQL Queries
0
0 prepared
Unescaped Output
38
152 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$e[$key]['entry'] = unserialize($entry->post_content);awraq\Base\Entries.php:33
unserializeecho json_encode(unserialize($meta));awraq\Base\Forms.php:218
unserializeecho json_encode(unserialize($meta));awraq\Base\Forms.php:257
unserializeecho json_encode(unserialize($googleCaptchKeys));awraq\Base\Gcaptcha.php:50
unserialize$ipToBlock = unserialize($blockedIp);awraq\Base\Ip.php:23
unserialize$blockedIp = unserialize($blockedIp);awraq\Base\Ip.php:37
unserialize$metastyle = unserialize(get_option('aavoya_wraq_global_settings',null));awraq\Base\Meta.php:16
unserializereturn unserialize(get_post_meta($posts, 'aavoya_wraq_meta_key', true));awraq\Base\Meta.php:63
unserialize$postMeta = unserialize(get_post_meta($post->ID, 'aavoya_wraq_meta_key', true));awraq\Base\Meta.php:76
unserializereturn unserialize(get_post_meta($id, '_awraq_button_data', true));awraq\Base\Meta.php:94
unserializereturn unserialize(get_post_meta($id, '_awraq_form_data', true));awraq\Base\Meta.php:100
unserialize$adminNotificationSettings = unserialize(get_post_meta($formID, 'awraqFormAdminNotification', true))awraq\Frontend\Emails\Email.php:225
unserialize$userNotificationSettins = unserialize(get_post_meta($formID, 'awraqFormUserNotification', true));awraq\Frontend\Emails\Email.php:260
unserialize$captchaKeys = unserialize($captchaKeys);awraq\Frontend\Form\Action\Gcaptcha.php:22
unserialize$blockedIp = unserialize($blockedIp);awraq\Frontend\Form\Action\Ip.php:19
unserialize$ipToBlock = unserialize($blockedIp);awraq\Frontend\Form\Action\Ip.php:37
unserialize$formValidatinErrors = unserialize($formValidatinErrors);awraq\Frontend\Form\Essentials\Error.php:15
unserialize$gCaptchaCredentials = unserialize(self::$gCaptchaCredentials);awraq\Frontend\Form\Essentials\Gcaptcha.php:40
unserializereturn unserialize($formOldValues);awraq\Frontend\Form.php:107
unserialize$raqMeta = unserialize($raqMeta);awraq\Frontend\Woocommerce\Woo.php:69
unserializearray_push($raqMetaArray,array($product_category->term_id,unserialize($raqMeta)));awraq\Frontend\Woocommerce\Woo.php:93
unserializearray_push($raqMetaArray,array($product_tag->term_id,unserialize($raqMeta)));awraq\Frontend\Woocommerce\Woo.php:128
unserialize$term_meta = unserialize(get_term_meta($value->term_id, 'awraq_term_meta', true));awraq\Thirdparty\Woho.php:84
unserialize$term_meta = unserialize(get_term_meta($value->term_id, 'awraq_term_meta', true));awraq\Thirdparty\Woho.php:142

Output Escaping

80% escaped190 total outputs
Data Flows
21 unsanitized

Data Flow Analysis

23 flows21 with unsanitized paths
awraqEntryOpened (awraq\Base\Entries.php:64)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
31 unprotected

Request a Quote Pro by Aavoya Attack Surface

Entry Points33
Unprotected31

AJAX Handlers 31

authwp_ajax_awraqCreatePostawraq\Base\Button.php:14
authwp_ajax_awraqLoadPostawraq\Base\Button.php:15
authwp_ajax_awraqDeletePostawraq\Base\Button.php:16
authwp_ajax_awraqSavePostawraq\Base\Button.php:17
authwp_ajax_awraqEntriesGetawraq\Base\Entries.php:12
authwp_ajax_awraqEntryDeleteawraq\Base\Entries.php:13
authwp_ajax_awraqEntryOpenedawraq\Base\Entries.php:14
authwp_ajax_awraqGetFormsawraq\Base\Forms.php:15
authwp_ajax_awraqGetFormHavingMetaawraq\Base\Forms.php:16
authwp_ajax_awraqCreateFormsawraq\Base\Forms.php:17
authwp_ajax_awraqSaveFormDataawraq\Base\Forms.php:18
authwp_ajax_awraqGetFormMetaawraq\Base\Forms.php:19
authwp_ajax_awraqDeleteFormawraq\Base\Forms.php:20
authwp_ajax_awraqGetCaptchMetaawraq\Base\Forms.php:21
authwp_ajax_awraqGetCaptchaMetaawraq\Base\Forms.php:22
authwp_ajax_awraqUpdateCaptchaMetaawraq\Base\Forms.php:23
authwp_ajax_awraqGetAdminFormMetaawraq\Base\Forms.php:24
authwp_ajax_awraqUpdateAdminFormMetaawraq\Base\Forms.php:25
authwp_ajax_awraqGetUserFormMetaawraq\Base\Forms.php:26
authwp_ajax_awraqUpdateUserFormMetaawraq\Base\Forms.php:27
authwp_ajax_awraqCheckCaptchaawraq\Base\Gcaptcha.php:19
authwp_ajax_awraqGetCaptchaKeysawraq\Base\Gcaptcha.php:20
authwp_ajax_awraqSetCaptchaKeysawraq\Base\Gcaptcha.php:21
authwp_ajax_awraqBlockIpawraq\Base\Ip.php:12
authwp_ajax_awraqGetBlockedIpsawraq\Base\Ip.php:13
authwp_ajax_awraqUpdateBlockedIpsawraq\Base\Ip.php:14
authwp_ajax_awraqProductsawraq\Thirdparty\Woho.php:14
authwp_ajax_awraqUpdateProductawraq\Thirdparty\Woho.php:15
authwp_ajax_awraqGetProductCatawraq\Thirdparty\Woho.php:16
authwp_ajax_awarqUpdateProductTermawraq\Thirdparty\Woho.php:17
authwp_ajax_awraqGetProductTagawraq\Thirdparty\Woho.php:18

Shortcodes 2

[awraq] awraq\Frontend\Shortcode.php:23
[awraqf] awraq\Frontend\Shortcode.php:24
WordPress Hooks 16
actionadmin_enqueue_scriptsawraq\Base\Enqueue.php:14
actionadmin_noticesawraq\Base\Notice.php:17
actionadmin_noticesawraq\Base\Notice.php:24
actionadmin_noticesawraq\Base\Notice.php:31
actionadmin_noticesawraq\Base\Notice.php:38
actionadmin_post_awraqfSubmitawraq\Frontend\Action.php:22
actionadmin_post_nopriv_awraqfSubmitawraq\Frontend\Action.php:23
filterwp_mail_fromawraq\Frontend\Emails\Email.php:195
filterwp_mail_from_nameawraq\Frontend\Emails\Email.php:198
filterwp_mail_content_typeawraq\Frontend\Emails\Email.php:205
actionwp_footerawraq\Frontend\Form\Essentials\Gcaptcha.php:44
actionwp_footerawraq\Frontend\Form\Inputs\Date.php:41
actiontemplate_redirectawraq\Frontend\Woocommerce\Woo.php:18
actionwoocommerce_single_product_summaryawraq\Frontend\Woocommerce\Woo.php:163
actionadmin_menuawraq\Page\Ui.php:14
actionplugins_loadedrequest-a-quote-pro-by-aavoya.php:59
Maintenance & Trust

Request a Quote Pro by Aavoya Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedNov 3, 2022
PHP min version7.3.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Request a Quote Pro by Aavoya Alternatives

Storefront Homepage Contact Section

Storefront Homepage Contact Section

storefront-homepage-contact-section

A
85

Add a "Contact" section to the Storefront homepage.

1K No CVEs
Live Sales Notification (Recent Sales Popups)

Live Sales Notification (Recent Sales Popups)

sales-pop

A
85

Beautiful live sales popups to feed recent orders to visitors. Best social proof to motivate customers to purchase and build brand trust.

400 No CVEs
ComboBlocks — Block Library & Page Builder

ComboBlocks — Block Library & Page Builder

combo-blocks

A
100

Landing Page Builder, Blog Builder, eCommerce Builder, Niche Site Builder, News Site Builder and More.

100 No CVEs
SagePay Form Gateway for WooCommerce

SagePay Form Gateway for WooCommerce

sagepay-form-gateway-for-woocommerce

A
85

SagePay Form Gateway for accepting payments on your WooCommerce Store.

90 No CVEs
Automatic Lead Generator for WooCommerce

Automatic Lead Generator for WooCommerce

coupon-pop-for-wp

A
92

Automatic Lead Generator plugin increasing your visitors' engagement and conversion rate from day one!

50 No CVEs
Developer Profile

Request a Quote Pro by Aavoya Developer Profile

Pijush Gupta

3 plugins · 400 total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Request a Quote Pro by Aavoya

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/request-a-quote-pro-by-aavoya/assets/dist/main.js/wp-content/plugins/request-a-quote-pro-by-aavoya/assets/dist/main.css
Script Paths
/wp-content/plugins/request-a-quote-pro-by-aavoya/assets/dist/main.js
Version Parameters
request-a-quote-pro-by-aavoya/assets/dist/main.js?ver=1.0.0request-a-quote-pro-by-aavoya/assets/dist/main.css?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
aavoyadateaavoyamt-2
Data Attributes
name="google-captcha-name="google-captcha-
JS Globals
Awraq\Base\EnqueueAwraq\Frontend\Form\Essentials\GcaptchaAwraq\Frontend\Form\Inputs\Date
FAQ

Frequently Asked Questions about Request a Quote Pro by Aavoya