10 matches found
CVE-2024-4856
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...
WordPress FS Product Inquiry plugin <= 1.1.1 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin FS Product Inquiry versions <= 1.1.1...
WordPress FS Product Inquiry plugin <= 1.1.1 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin FS Product Inquiry versions <= 1.1.1...
CVE-2024-4857
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
CVE-2024-4856
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...
CVE-2024-4857 FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
CVE-2024-4857 FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
PT-2024-33147 · WordPress · Fs Product Inquiry Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: FS Product Inquiry WordPress plugin versions 1.1.1 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. Thi...
PT-2024-33149 · WordPress · Fs Product Inquiry
Name of the Vulnerable Software and Affected Versions: FS Product Inquiry WordPress plugin versions 1.1.1 and earlier Description: The issue allows unauthenticated users to perform Stored Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some form submissions...
FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS
Description The plugin does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks 1. Add an inquiry form using the shortcode fspi-show-products-list 2. As a non-logged in visitor, enter the payload "...