The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emd_delete_file AJAX action. This is due to the emd_delete_file() handler deriving a PHP function name from the attacker-controlled $_POST['path'] parameter and invoking it dynamically via the variable-function call $sess_name(), and the handler being registered for wp_ajax_nopriv with its only protection being a nonce that the plugin prints into the public quote-form page via wp_localize_script. This makes it possible for unauthenticated attackers to invoke arbitrary zero-argument PHP functions on the server, such as phpinfo(), potentially exposing sensitive server configuration and credentials, or executing other destructive built-in PHP functions.
CVE-2026-14249
Score 7.5 from GitHub Security Advisory (severity: HIGH) published 2026-07-02. a secondary CVSS source baseline 7.5; sources differ by 0.0.
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 7.5
- EG Score
- 7.5(high)
- EPSS
- 25.3%
- KEV
- Not listed
Published
July 2, 2026
Last Modified
July 2, 2026
References (6)
- security@wordfencehttps://plugins.trac.wordpress.org/browser/request-a-quote/tags/2.5.5/includes/class-install-deactivate.php#L60
- security@wordfencehttps://plugins.trac.wordpress.org/browser/request-a-quote/tags/2.5.5/includes/common-functions.php#L1035
- security@wordfencehttps://plugins.trac.wordpress.org/browser/request-a-quote/tags/2.5.5/includes/common-functions.php#L1038
- security@wordfencehttps://plugins.trac.wordpress.org/browser/request-a-quote/tags/2.5.5/includes/emd-form-builder-lite/emd-form-frontend.php#L1187
- security@wordfencehttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3592676%40request-a-quote&new=3592676%40request-a-quote&sfp_email=&sfph_mail=
- security@wordfencehttps://www.wordfence.com/threat-intel/vulnerabilities/id/5a349c4f-d2e7-47af-9013-3cfa496b3b8c?source=cve
Vendor Advisories for CVE-2026-14249(1)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 27× in last 7d / 27× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-06 21:08 UTCEG score recompute
- 2026-07-06 21:08 UTCGHSA enrichment
- 2026-07-06 16:27 UTCEPSS rescore
- 2026-07-06 10:08 UTCEG score recompute
- 2026-07-06 10:08 UTCGHSA enrichment
- 2026-07-06 02:23 UTCEPSS rescore
- 2026-07-05 23:09 UTCEG score recompute
- 2026-07-05 23:09 UTCGHSA enrichment
- 2026-07-05 12:10 UTCEG score recompute
- 2026-07-05 12:10 UTCGHSA enrichment
- 2026-07-05 02:30 UTCEPSS rescore
- 2026-07-05 02:30 UTCEPSS rescore
- 2026-07-05 01:12 UTCEG score recompute
- 2026-07-05 01:12 UTCGHSA enrichment
- 2026-07-04 14:10 UTCEG score recompute
- 2026-07-04 14:10 UTCGHSA enrichment
- 2026-07-04 06:31 UTCEPSS rescore
- 2026-07-04 03:12 UTCEG score recompute
- 2026-07-04 03:12 UTCGHSA enrichment
- 2026-07-03 16:12 UTCEG score recompute
- 2026-07-03 16:12 UTCGHSA enrichment
- 2026-07-03 05:13 UTCEG score recompute
- 2026-07-03 05:13 UTCGHSA enrichment
- 2026-07-02 18:16 UTCEG score recompute
- 2026-07-02 18:16 UTCGHSA enrichment
Show 2 moreShow fewer
- 2026-07-02 07:18 UTCEG score recompute
- 2026-07-02 07:18 UTCGHSA enrichment
Related CVEs(same CWE)
Same CWE
10 shownCWE-74
- CVE-2015-10062NVD 5.5EG 9.8MEDIUM
- CVE-2015-10027NVD 5.5EG 9.8MEDIUM
- CVE-2016-15007NVD 5.5EG 9.8MEDIUM
- CVE-2016-15004NVD 7.3EG 9.8HIGH
- CVE-2013-4144EG 9.8CRITICAL
- CVE-2013-7487EG 9.8CRITICAL
- CVE-2014-4678EG 9.8EPSS 91%CRITICAL
- CVE-2014-4967EG 9.8CRITICAL
- CVE-2014-4966EG 9.8CRITICAL
- CVE-2013-7381EG 9.8CRITICAL
Frequently asked(5)
What is CVE-2026-14249?
When was CVE-2026-14249 disclosed?
Is CVE-2026-14249 actively exploited?
What is the CVSS score of CVE-2026-14249?
How do I remediate CVE-2026-14249?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2026-14249
Is Your Infrastructure Affected by CVE-2026-14249?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.