6 matches found
CVE-2023-49761
CVE-2023-49761: A CSRF vulnerability in the WordPress plugin Product Enquiry for WooCommerce (GM WooCommerce Quote Popup) affects versions
CVE-2023-6626
The CVE concerns the WordPress plugin Product Enquiry for WooCommerce, affected versions prior to 3.1. The issue is that the plugin does not sanitise and escape certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (s...
CVE-2023-7151
CVE-2023-7151 affects the WordPress plugin “Product Enquiry for WooCommerce” prior to version 3.2. The issue is that the plugin does not sanitize and escape the page parameter before outputting it in an attribute, resulting in a reflected XSS vulnerability. This could be exploited against high-pr...
CVE-2023-47696
The CVE-2023-47696 entry concerns the Gravity Master Product Enquiry for WooCommerce plugin for WordPress. Affected component: the plugin’s input handling/escaping allows unauthenticated Stored XSS. Vulnerable versions are ≤ 3.0; the issue is mitigated in version 3.1. The attack vector is network...
CVE-2023-6625
The CVE-2023-6625 entry describes a CSRF vulnerability in the Product Enquiry for WooCommerce WordPress plugin before version 3.1, where deleting inquiries is not protected against CSRF. This could allow a logged-in admin to be tricked into deleting inquiries via CSRF. Affected software: Product ...
CVE-2023-47512
CVE-2023-47512 pertains to Gravity Master Product Enquiry for WooCommerce plugin (WordPress)