Does YITH Request a Quote for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in YITH Request a Quote for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is YITH Request a Quote for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, YITH Request a Quote for WooCommerce 2.48.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is YITH Request a Quote for WooCommerce compatible with PHP 7.4+?

YITH Request a Quote for WooCommerce requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is YITH Request a Quote for WooCommerce updated?

YITH Request a Quote for WooCommerce was last updated on Mar 6, 2026. Frequent updates are generally a positive security signal.

What is YITH Request a Quote for WooCommerce's security score?

YITH Request a Quote for WooCommerce has a WP-Safety security score of 93/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

YITH Request a Quote for WooCommerce Security & Risk Analysis

wordpress.org/plugins/yith-woocommerce-request-a-quote

The YITH Request a Quote for WooCommerce plugin lets your customers ask for an estimate of a list of products they are interested into.

10K active installs v2.48.0 PHP 7.4+ WP 6.7+ Updated Mar 6, 2026

quoterequest-a-quoterequest-a-quote-buttonwoocommerce-request-a-quote-shortcodewoocommerce-request-for-quote

A · Safe

CVEs total3

Unpatched0

Last CVEJan 9, 2026

Plugin page Download

Safety Verdict

Is YITH Request a Quote for WooCommerce Safe to Use in 2026?

Generally Safe

Score 93/100

YITH Request a Quote for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Jan 9, 2026Updated 28d ago

Risk Assessment

The plugin "yith-woocommerce-request-a-quote" version 2.48.0 exhibits a generally good security posture with strong adherence to best practices in output escaping and the use of prepared statements for SQL queries. The static analysis reveals a relatively low number of critical code signals, with no identified dangerous functions, unsanitized paths in taint analysis, or file operations, which are all positive indicators. However, there is a notable concern regarding the attack surface, with one out of seven AJAX handlers lacking authentication checks. This single unprotected entry point, while not immediately critical, represents a potential avenue for attackers to exploit if a vulnerability exists within that handler.

The plugin's vulnerability history, while currently showing no unpatched CVEs, does reveal a past pattern of high and medium severity vulnerabilities, specifically related to Missing Authorization and Cross-Site Request Forgery (CSRF). This historical trend, coupled with the identified unprotected AJAX handler, suggests a recurring susceptibility to authorization bypasses or injection-like attacks if not carefully managed. The last recorded vulnerability in 2026 is noted, but the presence of historical high-severity issues warrants continued vigilance.

In conclusion, the plugin demonstrates strengths in code sanitization and secure query practices. Nevertheless, the presence of an unprotected AJAX endpoint and a history of significant vulnerabilities, particularly those related to authorization, present a moderate risk. Addressing the unprotected AJAX handler and maintaining a strong awareness of potential authorization-related flaws would significantly improve the plugin's overall security.

Key Concerns

Unprotected AJAX handler
Historical high severity CVEs (2)
Historical medium severity CVEs (1)
SQL queries not using prepared statements (30%)

Vulnerabilities

YITH Request a Quote for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

1 CVE in 2022

2022

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2026-24366medium · 5.3Missing Authorization

YITH WooCommerce Request A Quote <= 2.46.0 - Missing Authorization

Jan 9, 2026 Patched in 2.46.1 (26d)

WF-b948574a-0aab-4596-83e6-04be21f78bc1-yith-woocommerce-request-a-quotehigh · 7.1Missing Authorization

YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization

Nov 11, 2022 Patched in 2.15.1 (438d)

WF-190edd82-840d-4468-8f5a-127cce049336-yith-woocommerce-request-a-quotehigh · 8.8Cross-Site Request Forgery (CSRF)

YITH Request a Quote for WooCommerce <= 1.6.3 - Cross-Site Request Forgery

Jun 30, 2021 Patched in 1.6.4 (937d)

Code Analysis

Analyzed Mar 16, 2026

YITH Request a Quote for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

1588 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

70% prepared10 total queries

Output Escaping

94% escaped1686 total outputs

Data Flows

All sanitized

Data Flow Analysis

14 flows

<class.yith-request-quote> (includes\class.yith-request-quote.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

YITH Request a Quote for WooCommerce Attack Surface

Entry Points9

Unprotected1

AJAX Handlers 7

authwp_ajax_yith_ywraq_actionincludes\class.yith-request-quote.php:76

noprivwp_ajax_yith_ywraq_actionincludes\class.yith-request-quote.php:77

authwp_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:63

authwp_ajax_yith_plugin_fw_save_toggle_element_metaboxplugin-fw\includes\class-yit-metabox.php:86

authwp_ajax_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel.php:138

authwp_ajax_yith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:37

authwp_ajax_yith_create_log_fileplugin-fw\includes\class-yith-system-status.php:101

Shortcodes 2

[yith_ywraq_request_quote] includes\class.yith-ywraq-shortcodes.php:25

[yith_ywraq_button_quote] includes\class.yith-ywraq-shortcodes.php:26

WordPress Hooks 135

filteryith_show_plugin_row_metaincludes\class.yith-request-quote-admin.php:83

actioninitincludes\class.yith-request-quote-admin.php:84

actionadmin_enqueue_scriptsincludes\class.yith-request-quote-admin.php:87

actionadmin_menuincludes\class.yith-request-quote-admin.php:116

actionwoocommerce_admin_field_ywraq_uploadincludes\class.yith-request-quote-admin.php:207

actionwp_loadedincludes\class.yith-request-quote-frontend.php:58

filterbody_classincludes\class.yith-request-quote-frontend.php:60

actionwoocommerce_before_single_productincludes\class.yith-request-quote-frontend.php:63

actiontemplate_redirectincludes\class.yith-request-quote-frontend.php:64

actionwp_enqueue_scriptsincludes\class.yith-request-quote-frontend.php:67

filterwoocommerce_loop_add_to_cart_linkincludes\class.yith-request-quote-frontend.php:70

actionwoocommerce_after_single_variationincludes\class.yith-request-quote-frontend.php:208

actionwoocommerce_after_add_to_cart_buttonincludes\class.yith-request-quote-frontend.php:210

actionwoocommerce_single_product_summaryincludes\class.yith-request-quote-frontend.php:213

actionwoocommerce_after_add_to_cart_buttonincludes\class.yith-request-quote-frontend.php:231

filterrender_block_woocommerce/add-to-cart-formincludes\class.yith-request-quote-frontend.php:233

actioninitincludes\class.yith-request-quote.php:73

filterywraq_ajax_add_item_is_validincludes\class.yith-request-quote.php:78

actionwp_loadedincludes\class.yith-request-quote.php:81

actionwp_loadedincludes\class.yith-request-quote.php:82

actionwpincludes\class.yith-request-quote.php:83

actionshutdownincludes\class.yith-request-quote.php:84

actionwp_loadedincludes\class.yith-request-quote.php:87

filterwoocommerce_email_classesincludes\class.yith-request-quote.php:90

actionwoocommerce_initincludes\class.yith-request-quote.php:91

actioninitincludes\class.yith-request-quote.php:92

actionywraq_clean_cronincludes\class.yith-request-quote.php:94

filteryith_ywraq_hide_price_templateincludes\class.yith-request-quote.php:96

filterwoocommerce_get_price_htmlincludes\class.yith-request-quote.php:99

filterwoocommerce_get_variation_price_htmlincludes\class.yith-request-quote.php:100

actionbefore_woocommerce_initincludes\class.yith-request-quote.php:103

actionsend_raq_mailincludes\class.yith-request-quote.php:618

actionwoocommerce_cleanup_sessionsincludes\class.yith-ywraq-session.php:81

actionshutdownincludes\class.yith-ywraq-session.php:82

actionclear_auth_cookieincludes\class.yith-ywraq-session.php:83

actionwoocommerce_thankyouincludes\class.yith-ywraq-session.php:85

actionsend_raq_mail_notificationincludes\emails\class.yith-ywraq-send-email-request-quote.php:58

actionadmin_noticesinit.php:62

actionadmin_noticesinit.php:142

actionplugins_loadedinit.php:170

actionelementor/elements/categories_registeredplugin-fw\includes\builders\elementor\class-yith-elementor.php:50

actionelementor/editor/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:52

actionelementor/frontend/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:53

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:60

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:61

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:62

actionwc_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:64

actioninitplugin-fw\includes\class-yit-assets.php:47

actionelementor/editor/before_enqueue_stylesplugin-fw\includes\class-yit-assets.php:48

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-assets.php:50

actioninitplugin-fw\includes\class-yit-assets.php:52

actionshould_load_block_editor_scripts_and_stylesplugin-fw\includes\class-yit-assets.php:53

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:970

actionwp_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:971

actionadd_meta_boxesplugin-fw\includes\class-yit-metabox.php:80

actionsave_postplugin-fw\includes\class-yit-metabox.php:81

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-metabox.php:82

filteryit_icons_screen_idsplugin-fw\includes\class-yit-metabox.php:84

filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:93

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:94

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:95

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:96

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:97

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:98

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:99

filterwoocommerce_screen_idsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:100

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:102

actionyith_plugin_fw_get_field_afterplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:104

actionadmin_action_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:105

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:106

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:108

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:109

filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:112

actionwoocommerce_admin_field_boxinfoplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:126

actionwoocommerce_admin_field_yith-fieldplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:127

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:129

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:132

filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:134

filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel.php:121

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:122

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:123

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:124

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel.php:125

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:126

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:128

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:129

filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel.php:132

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:137

actionall_admin_noticesplugin-fw\includes\class-yit-plugin-panel.php:242

actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:243

filterparent_fileplugin-fw\includes\class-yit-plugin-panel.php:245

filtersubmenu_fileplugin-fw\includes\class-yit-plugin-panel.php:246

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:259

filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel.php:260

filterremovable_query_argsplugin-fw\includes\class-yit-plugin-panel.php:261

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:1081

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:1082

actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:1213

actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:44

actionadmin_menuplugin-fw\includes\class-yit-plugin-subpanel.php:45

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-subpanel.php:46

actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:47

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-subpanel.php:48

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-pointers.php:118

actionadmin_initplugin-fw\includes\class-yit-pointers.php:119

actionyith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:36

actionwp_dashboard_setupplugin-fw\includes\class-yith-dashboard.php:146

actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-dashboard.php:147

actionadmin_initplugin-fw\includes\class-yith-post-type-admin.php:65

actioncurrent_screenplugin-fw\includes\class-yith-post-type-admin.php:67

actionedit_form_topplugin-fw\includes\class-yith-post-type-admin.php:70

actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:119

actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:120

actionrestrict_manage_postsplugin-fw\includes\class-yith-post-type-admin.php:122

filterrequestplugin-fw\includes\class-yith-post-type-admin.php:123

filterlist_table_primary_columnplugin-fw\includes\class-yith-post-type-admin.php:125

filterpost_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:126

filterpage_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:127

filterdefault_hidden_columnsplugin-fw\includes\class-yith-post-type-admin.php:129

actiondisable_months_dropdownplugin-fw\includes\class-yith-post-type-admin.php:137

filteradmin_body_classplugin-fw\includes\class-yith-system-status.php:95

actionadmin_menuplugin-fw\includes\class-yith-system-status.php:96

actionadmin_initplugin-fw\includes\class-yith-system-status.php:97

actionadmin_noticesplugin-fw\includes\class-yith-system-status.php:98

actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-system-status.php:99

actioninitplugin-fw\includes\class-yith-system-status.php:100

filteryith_plugin_fw_privacy_guide_contentplugin-fw\includes\privacy\class-yith-privacy-plugin-abstract.php:39

actionadmin_initplugin-fw\includes\privacy\class-yith-privacy.php:50

actionplugins_loadedplugin-fw\init.php:94

filterextra_theme_headersplugin-fw\yit-functions.php:602

filteryit_title_special_charactersplugin-fw\yit-functions.php:726

filterplugin_row_metaplugin-fw\yit-plugin.php:56

actionadmin_noticesplugin-fw\yit-plugin.php:298

actionplugins_loadedplugin-fw\yit-plugin.php:300

actionshutdownplugin-fw\yit-woocommerce-compatibility.php:765

Scheduled Events 1

ywraq_clean_cron

Maintenance & Trust

YITH Request a Quote for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 6, 2026

PHP min version7.4

Downloads1.1M

Community Trust

Rating68/100

Number of ratings65

Active installs10K

Alternatives

YITH Request a Quote for WooCommerce Alternatives

Appsila WooQuote

appsila-wooquote

Appsila WooQuote is a plugin that enables your customers send quote requests from your woocommerce shop which will then be tracked in a full functiona …

0 No CVEs

PSM Request a Quote for WooCommerce

psm-request-a-quote

100

Allow customers to request a quote for WooCommerce products with ease.

0 No CVEs

Request a Quote for WooCommerce – Get a Quote Button – Product Enquiry Form Popup – Product Quotation

get-a-quote-button-for-woocommerce

Request a Quote for WooCommerce and Elementor plugin shows a Contact Form 7 or WPForms popup on button click. Quote for WooCommerce, price on request.

6K 1 CVE

ELEX WooCommerce Request a Quote

elex-request-a-quote

ELEX Request a Quote plugin allows your customers to add products to a quote list, fill out a form, and request a custom price.

2K 1 unpatched

B2B Request a Quote

woo-add-to-quote

100

Add B2B quote requests to WooCommerce. Let your customers request, manage, and negotiate quotes comfortably to boost B2B sales on your WordPress site.

80 No CVEs

Developer Profile

YITH Request a Quote for WooCommerce Developer Profile

YITHEMES

33 plugins · 1.1M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

411 days

View full developer profile

Detection Fingerprints

How We Detect YITH Request a Quote for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/yith-woocommerce-request-a-quote/assets/css/yith-ywraq-admin.css/wp-content/plugins/yith-woocommerce-request-a-quote/assets/css/yith-ywraq-frontend.css/wp-content/plugins/yith-woocommerce-request-a-quote/assets/js/yith-ywraq-admin.js/wp-content/plugins/yith-woocommerce-request-a-quote/assets/js/yith-ywraq-frontend.js

Script Paths

/wp-content/plugins/yith-woocommerce-request-a-quote/assets/js/yith-ywraq-admin.js/wp-content/plugins/yith-woocommerce-request-a-quote/assets/js/yith-ywraq-frontend.js

Version Parameters

yith-woocommerce-request-a-quote/assets/css/yith-ywraq-admin.css?ver=yith-woocommerce-request-a-quote/assets/css/yith-ywraq-frontend.css?ver=yith-woocommerce-request-a-quote/assets/js/yith-ywraq-admin.js?ver=yith-woocommerce-request-a-quote/assets/js/yith-ywraq-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

yith-ywraq-add-to-quoteyith-ywraq-request-quote-button

HTML Comments

+2 more

Data Attributes

data-yith-request-quote-iddata-yith-request-quote-product-iddata-yith-request-quote-product-ids

JS Globals

YITH_YWRAQ_frontendyith_ywraq_admin_paramsywreaq_frontend_params

Shortcode Output

[yith_ywraq_button][yith_ywraq_button product_id=...]

FAQ