Lucene search
K

62 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.9 views

CVE-2023-49761

Cross-Site Request Forgery CSRF vulnerability in Gravity Master Product Enquiry for WooCommerce.This issue affects Product Enquiry for WooCommerce: from n/a through 3.0...

8.8CVSS8.5AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-53684

Malicious code in bioql PyPI...

8.8CVSS9.2AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-9457

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.00369EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:10 a.m.6 views

CVE-2023-32796

Unauth. Stored Cross-Site Scripting XSS vulnerability in MingoCommerce WooCommerce Product Enquiry plugin = 2.3.4 versions...

7.1CVSS5.6AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/03 9:33 p.m.4 views

CVE-2025-31580

Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry ni-woocommerce-product-enquiry allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ni WooCommerce Product Enquiry: from n/a through = 4.1.8...

7.5CVSS7.2AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.5 views

WordPress plugin Ni WooCommerce Product Enquiry 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

7.5CVSS7.5AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2024/09/27 6:15 a.m.3 views

CVE-2024-8922

The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquirydetail.php. This makes it possible for authenticated attackers, with...

8.8CVSS6AI score0.00781EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/27 5:31 a.m.24 views

CVE-2024-8922 Product Enquiry for WooCommerce <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.php

The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquirydetail.php. This makes it possible for authenticated attackers, with...

8.8CVSS0.00781EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/09/27 1:25 a.m.4 views

WordPress Product Enquiry for WooCommerce plugin <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.php vulnerability

Authenticated Author+ PHP Object Injection in enquirydetail.php vulnerability discovered by Francesco Carlucci in WordPress Plugin Product Enquiry for WooCommerce versions = 2.2.33.33...

8.8CVSS7.3AI score0.00781EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/09/27 12:0 a.m.2 views

WordPress plugin Product Enquiry for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

8.8CVSS6.9AI score0.00781EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.2 views

PT-2024-39323 · Woocommerce · Product Enquiry For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Product Enquiry for WooCommerce versions up to, and including, 2.2.33.32 Description: The vulnerability concerns PHP Object Injection via deserialization of untrusted input in enquiry detail.php. This allows authenticated attackers with...

8.8CVSS7.7AI score0.00781EPSS
Exploits0References11
Patchstack
Patchstack
added 2024/07/15 2:28 a.m.3 views

WordPress Product Enquiry for WooCommerce plugin < 3.1.8 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Product Enquiry for WooCommerce versions 3.1.8...

5.9CVSS6.1AI score0.00476EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/07/13 6:0 a.m.49 views

CVE-2024-3964

The CVE concerns the WordPress plugin Product Enquiry for WooCommerce, affected in versions prior to 3.1.8. The root cause is that the plugin does not sanitize and escape certain settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., administrators), even when ...

5.9CVSS5.2AI score0.00476EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2024/01/22 8:15 p.m.19 views

Cross site request forgery (csrf)

The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack...

4.3CVSS7AI score0.00203EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/01/22 7:14 p.m.27 views

CVE-2023-6626 Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS

The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...

5AI score0.00402EPSS
Exploits2References1
CVE
CVE
added 2024/01/22 7:14 p.m.61 views

CVE-2023-6626

The CVE concerns the WordPress plugin Product Enquiry for WooCommerce, affected versions prior to 3.1. The issue is that the plugin does not sanitise and escape certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (s...

4.8CVSS4.7AI score0.00402EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/22 7:14 p.m.3 views

CVE-2023-6625 Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF

The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack...

4.8AI score0.00203EPSS
Exploits2References1
CVE
CVE
added 2024/01/22 7:14 p.m.39 views

CVE-2023-6625

The CVE-2023-6625 entry describes a CSRF vulnerability in the Product Enquiry for WooCommerce WordPress plugin before version 3.1, where deleting inquiries is not protected against CSRF. This could allow a logged-in admin to be tricked into deleting inquiries via CSRF. Affected software: Product ...

4.3CVSS4.9AI score0.00203EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/22 12:0 a.m.6 views

PT-2024-15028 · WordPress · Product Enquiry For Woocommerce

Name of the Vulnerable Software and Affected Versions: Product Enquiry for WooCommerce WordPress plugin versions prior to 3.1 Description: The issue is related to the lack of a CSRF check when deleting inquiries, which could allow attackers to make a logged-in admin delete them via a CSRF attack...

4.3CVSS4.5AI score0.00203EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/01/22 12:0 a.m.5 views

WordPress plugin Product Enquiry for WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS6.4AI score0.00203EPSS
Exploits2References2
Rows per page
Query Builder