Lucene search
WPScanCVELIST:CVE-2023-6626HistoryJan 22, 2024 - 7:14 p.m.
CVE-2023-6626 Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS
2024-01-2219:14:28
WPScan
www.cve.org
2
cve-2023-6626
product enquiry
stored xss
wordpress plugin
cross-site scripting
admin
EPSS
0
Percentile
14.0%
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CNA Affected
[
{
"vendor": "Unknown",
"product": "Product Enquiry for WooCommerce",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "3.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Cross site scripting
2024-01-22 20:15:00
nvd
nvd
CVE-2023-6626
2024-01-22 20:15:47
cve
cve
CVE-2023-6626
2024-01-22 20:15:47
wpvulndb
wpvulndb
Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS
2023-12-28 00:00:00
wpexploit
wpexploit
Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS
2023-12-28 00:00:00