Description The plugin does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack
1. Make an enquiry from the frontend form 2. Go to “Woo Quote Popup > Enquiry List” 3. Get the ID of an item 4. Add the ID to the following HTML:
5. See that the item has been deleted.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 3.1 |