Vulnerabilities and security researches forenquiry-quotation-for-woocommerce enquiry-quotation-for-woocommerce

Jun 07, 2024

CVE, Research URL: CVE-2023-29170
Home page URL: Security reports for Product Enquiry for WooCommerce, WooCommerce product catalog
Application: Product Enquiry for WooCommerce, WooCommerce product catalog
Date: Apr 07, 2023
Research Description: Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions.
Affected versions: Min -, max -.
Status: vulnerable

Sep 28, 2024

CVE, Research URL: CVE-2024-8922
Home page URL: Security reports for Product Enquiry for WooCommerce, WooCommerce product catalog
Application: Product Enquiry for WooCommerce, WooCommerce product catalog
Date: Sep 27, 2024
Research Description: The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions: Min -, max -.
Status: vulnerable