Vulnerabilities and security researches forproduct-enquiry-for-woocommerce product-enquiry-for-woocommerce

Jul 15, 2024

CVE, Research URL: CVE-2024-3964
Home page URL: Security reports for Product Enquiry for WooCommerce
Application: Product Enquiry for WooCommerce
Date: Jul 13, 2024
Research Description: The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 3.1.8.
Status: vulnerable