CVE-2025-8420
Request · Request a Quote Form plugin for WordPress
A critical vulnerability has been identified in the "Request a Quote Form" plugin for WordPress, which allows for Remote Code Execution.
Executive summary
A critical vulnerability has been identified in the "Request a Quote Form" plugin for WordPress, which allows for Remote Code Execution. An attacker could exploit this flaw to gain complete control over an affected website without needing any prior access. This could lead to a full server compromise, resulting in data theft, website defacement, or the use of the server for further malicious activities.
Vulnerability
The "Request a Quote Form" plugin is vulnerable to Remote Code Execution (RCE). This is likely due to a lack of proper input sanitization or validation on data submitted to the plugin. An unauthenticated attacker can send a specially crafted request to the vulnerable website, which injects malicious code that is then executed by the server with the permissions of the web service account. This effectively gives the attacker a shell on the server, allowing them to read, write, or delete files, install malware, and pivot to other systems on the network.
Business impact
This vulnerability presents a High severity risk with a CVSS score of 8.1. A successful exploit would have a severe impact on the business, leading to a complete compromise of the web application and underlying server. The potential consequences include a breach of sensitive data (customer PII, transaction history), significant reputational damage, financial loss from downtime or recovery costs, and potential legal or regulatory penalties. A compromised server could also be used to launch attacks against other internal or external targets, further escalating the risk and liability for the organization.
Remediation
Immediate Action:
- Identify all WordPress instances using the "Request a Quote Form" plugin.
- Update the plugin to the latest patched version immediately.
- If the plugin is no longer required for business operations, it should be deactivated and completely removed from the WordPress installation.
- Review WordPress security settings to ensure user roles and file permissions are configured according to the principle of least privilege.
Proactive Monitoring:
- Monitor web server access logs for unusual or malformed POST requests targeting the plugin's files or endpoints.
- Implement File Integrity Monitoring (FIM) to detect unauthorized changes to plugin files or the creation of new files (e.g., .php web shells) in web-accessible directories.
- Analyze outbound network traffic from the web server for suspicious connections to unknown command-and-control (C2) servers.
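As an added example (not part of this advisory, and not code from the plugin's authors), the two monitoring items above implemented as a small Python script: a parser for combined-format access logs that flags POST requests aimed directly at the plugin's own files and any request for a PHP file under wp-content/uploads, plus a directory sweep that lists PHP files in the uploads tree, which is a cheap FIM-style check that catches the web shell case without needing a baseline. The plugin directory name (PLUGIN_DIR), the handler file name in the sample log, and the log lines themselves are constructed placeholders; substitute the real plugin slug before use.

```python
"""Detection helpers for the 'Proactive Monitoring' items (added example).

Assumptions, none of which come from the advisory:
  - PLUGIN_DIR is a placeholder for the real plugin directory name.
  - Access logs are in Apache/nginx "combined" format.
  - SAMPLE_LOG and build_demo_webroot() are constructed test data.
"""
import re
import tempfile
from pathlib import Path

# Hypothetical slug; replace with the actual directory under wp-content/plugins/.
PLUGIN_DIR = "request-a-quote-form-PLACEHOLDER"

# Uploads should never contain executable PHP, so any of these is worth a look.
PHP_SUFFIXES = (".php", ".phtml", ".php5", ".phar")

COMBINED_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed log lines (RFC 5737 documentation addresses, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Aug/2025:10:01:02 +0000] "GET /contact/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Aug/2025:10:01:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 '
    '"https://example.test/contact/" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Aug/2025:10:02:30 +0000] "POST /wp-content/plugins/'
    + PLUGIN_DIR + '/includes/handler.php HTTP/1.1" 200 12 "-" "python-requests/2.32"',
    '198.51.100.23 - - [10/Aug/2025:10:02:41 +0000] "GET /wp-content/uploads/2025/08/cache.php HTTP/1.1" '
    '200 41 "-" "python-requests/2.32"',
]


def parse_combined(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def scan_access_log(lines, plugin_dir=PLUGIN_DIR):
    """Flag two patterns from the advisory's monitoring guidance:
    POSTs sent straight at files inside the plugin directory (the plugin's
    form normally goes through WordPress entry points, not its own .php
    files), and any request for a PHP file under wp-content/uploads."""
    findings = []
    plugin_prefix = f"/wp-content/plugins/{plugin_dir.lower()}/"
    for line in lines:
        rec = parse_combined(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0].lower()  # drop the query string
        if rec["method"] == "POST" and plugin_prefix in path:
            findings.append({"ip": rec["ip"], "path": path, "status": rec["status"],
                             "reason": "POST directly to plugin file"})
        elif "/wp-content/uploads/" in path and path.endswith(PHP_SUFFIXES):
            findings.append({"ip": rec["ip"], "path": path, "status": rec["status"],
                             "reason": "PHP requested from uploads directory"})
    return findings


def find_php_in_uploads(webroot):
    """Walk wp-content/uploads and return every PHP-like file, relative to webroot."""
    root = Path(webroot)
    uploads = root / "wp-content" / "uploads"
    if not uploads.is_dir():
        return []
    return sorted(p.relative_to(root).as_posix() for p in uploads.rglob("*")
                  if p.is_file() and p.suffix.lower() in PHP_SUFFIXES)


def build_demo_webroot():
    """Create a throwaway WordPress-like tree (constructed test data) with one
    benign image and one planted PHP file under uploads; returns its path."""
    root = Path(tempfile.mkdtemp(prefix="wp-demo-"))
    month = root / "wp-content" / "uploads" / "2025" / "08"
    month.mkdir(parents=True)
    (month / "photo.jpg").write_bytes(b"\xff\xd8\xff")          # benign upload
    (month / "cache.php").write_text("<?php /* planted */ ?>")  # should not be here
    plugin = root / "wp-content" / "plugins" / PLUGIN_DIR
    plugin.mkdir(parents=True)
    (plugin / "plugin.php").write_text("<?php // plugin code ?>")  # legitimate location
    return root


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ip']:15} {f['status']} {f['path']}  <- {f['reason']}")
    demo = build_demo_webroot()
    for rel in find_php_in_uploads(demo):
        print("PHP in uploads:", rel)
```

Run it against a real log with `scan_access_log(open("/var/log/nginx/access.log"))` and point `find_php_in_uploads` at the actual web root; the uploads sweep is a point-in-time check, so schedule it (or feed its output into a proper FIM baseline) rather than running it once. Both checks are deliberately narrow: they catch the direct-to-plugin-file and PHP-in-uploads patterns and say nothing about traffic that goes through WordPress's normal entry points.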
Compensating Controls:
- If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules designed to block common code injection and RCE attack patterns.
- Restrict file permissions on the web server to prevent the web service account from writing to or executing files in sensitive directories.
- Segment the web server from the rest of the corporate network to limit the potential impact of a compromise.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the High severity rating (CVSS 8.1) and the critical impact of a Remote Code Execution vulnerability, this issue must be addressed with extreme urgency. The lack of a CISA KEV listing should not diminish the priority, as such vulnerabilities are often exploited before they are added to the catalog. We strongly recommend that all internet-facing systems with the affected plugin be patched immediately. A full compromise of a public-facing web server should be considered a critical business risk.