VYPR

Inquiry Cart

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-4090MedApr 22, 2026
    risk 0.40cvss 6.1epss 0.00

    The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd_ic_settings_page function when processing settings form submissions. This makes it possible for…

  • CVE-2024-5155MedJun 14, 2024
    risk 0.40cvss 6.1epss 0.00

    The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack