62 matches found
CVE-2023-49761
Cross-Site Request Forgery CSRF vulnerability in Gravity Master Product Enquiry for WooCommerce.This issue affects Product Enquiry for WooCommerce: from n/a through 3.0...
EUVD-2023-53684
Malicious code in bioql PyPI...
EUVD-2025-9457
Malicious code in bioql PyPI...
CVE-2023-32796
Unauth. Stored Cross-Site Scripting XSS vulnerability in MingoCommerce WooCommerce Product Enquiry plugin = 2.3.4 versions...
CVE-2025-31580
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry ni-woocommerce-product-enquiry allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ni WooCommerce Product Enquiry: from n/a through = 4.1.8...
WordPress plugin Ni WooCommerce Product Enquiry 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...
CVE-2024-8922
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquirydetail.php. This makes it possible for authenticated attackers, with...
CVE-2024-8922 Product Enquiry for WooCommerce <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.php
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquirydetail.php. This makes it possible for authenticated attackers, with...
WordPress Product Enquiry for WooCommerce plugin <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.php vulnerability
Authenticated Author+ PHP Object Injection in enquirydetail.php vulnerability discovered by Francesco Carlucci in WordPress Plugin Product Enquiry for WooCommerce versions = 2.2.33.33...
WordPress plugin Product Enquiry for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...
PT-2024-39323 · Woocommerce · Product Enquiry For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Product Enquiry for WooCommerce versions up to, and including, 2.2.33.32 Description: The vulnerability concerns PHP Object Injection via deserialization of untrusted input in enquiry detail.php. This allows authenticated attackers with...
WordPress Product Enquiry for WooCommerce plugin < 3.1.8 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Product Enquiry for WooCommerce versions 3.1.8...
CVE-2024-3964
The CVE concerns the WordPress plugin Product Enquiry for WooCommerce, affected in versions prior to 3.1.8. The root cause is that the plugin does not sanitize and escape certain settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., administrators), even when ...
Cross site request forgery (csrf)
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack...
CVE-2023-6626 Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...
CVE-2023-6626
The CVE concerns the WordPress plugin Product Enquiry for WooCommerce, affected versions prior to 3.1. The issue is that the plugin does not sanitise and escape certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (s...
CVE-2023-6625 Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack...
CVE-2023-6625
The CVE-2023-6625 entry describes a CSRF vulnerability in the Product Enquiry for WooCommerce WordPress plugin before version 3.1, where deleting inquiries is not protected against CSRF. This could allow a logged-in admin to be tricked into deleting inquiries via CSRF. Affected software: Product ...
PT-2024-15028 · WordPress · Product Enquiry For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Enquiry for WooCommerce WordPress plugin versions prior to 3.1 Description: The issue is related to the lack of a CSRF check when deleting inquiries, which could allow attackers to make a logged-in admin delete them via a CSRF attack...
WordPress plugin Product Enquiry for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...