3 matches found
CVE-2024-8922
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquirydetail.php. This makes it possible for authenticated attackers, with...
CVE-2023-7151
The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Cross site scripting
Auth. admin+ Stored Cross-site Scripting XSS vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin = 2.2.12 versions...