VYPR

Product Enquiry For Woocommerce

by WordPress

Source repositories

CVEs (8)

  • CVE-2024-8922HigSep 27, 2024
    risk 0.50cvss 8.8epss 0.01

    The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php. This makes it possible for authenticated…

  • CVE-2023-47696HigNov 13, 2023
    risk 0.46cvss 7.1epss 0.00

    Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions.

  • CVE-2023-7151MedJan 16, 2024
    risk 0.40cvss 6.1epss 0.00

    The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2024-3964MedJul 13, 2024
    risk 0.38cvss 5.9epss 0.00

    The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for…

  • CVE-2023-29170MedApr 7, 2023
    risk 0.38cvss 5.9epss 0.00

    Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions.

  • CVE-2023-49761MedDec 18, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce.This issue affects Product Enquiry for WooCommerce: from n/a through 3.0.

  • CVE-2023-6626MedJan 22, 2024
    risk 0.31cvss 4.8epss 0.00

    The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for…

  • CVE-2023-6625MedJan 22, 2024
    risk 0.28cvss 4.3epss 0.00

    The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack