Vulnerabilities and security research for woocommerce-catalog-enquiry
Jun 07, 2024
Product Catalog Mode For WooCommerce # CVE-2024-25929
- CVE, Research URL
- Application
- Date: Jun 09, 2024
- Research Description: Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX. This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5.
- Affected versions: max 5.0.6.
- Status: vulnerable
Product Catalog Mode For WooCommerce # CVE-2017-18592
- CVE, Research URL
- Application
- Date: Aug 27, 2019
- Research Description: The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads.
- Affected versions: max 3.1.0.
- Status: vulnerable
Product Catalog Mode For WooCommerce # CVE-2023-5348
- CVE, Research URL
- Application
- Date: Dec 19, 2023
- Research Description: The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.
- Affected versions: max 5.0.3.
- Status: vulnerable
Jun 10, 2024
Product Catalog Mode For WooCommerce # CVE-2023-50899
- CVE, Research URL
- Application
- Date: Dec 09, 2024
- Research Description: Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.2.
- Affected versions: max 5.0.3.
- Status: vulnerable
Jun 16, 2026
Product Catalog Mode For WooCommerce # 4455186991c9d54dbcfe314c2afb2c8e4e15795a
- CVE, Research URL
- Application
- Date: Nov 03, 2023
- Research Description: CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce [woocommerce-catalog-enquiry] < 5.0.3. Product Catalog Mode For Woocommerce <= 5.0.2 - Missing Authorization. The Product Catalog Mode For Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dismiss_mvx_catalog_servive_notice function in all versions up to 5.0.3 (exclusive). This makes it possible for authenticated attackers, with subscriber access and above, to dismiss admin notifications.
- Affected versions: max 5.0.3.
- Status: vulnerable
Product Catalog Mode For WooCommerce # 68d9e10d61821cb0f8b203a43b1db4013d5f5732
- CVE, Research URL
- Application
- Date: Nov 07, 2023
- Research Description: CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce [woocommerce-catalog-enquiry] < 5.0.3. WordPress Product Catalog Enquiry Plugin < 5.0.3 is vulnerable to Broken Access Control. Update the WordPress Product Catalog Enquiry plugin to the latest available version (at least 5.0.3). Unknown discovered and reported this Broken Access Control vulnerability in WordPress Product Catalog Enquiry Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user executing a certain higher-privileged action. This vulnerability has been fixed in version 5.0.3.
- Affected versions: max 5.0.3.
- Status: vulnerable
Product Catalog Mode For WooCommerce # b308b1976fbd8c17995ad5f6339f0f0a06f57ab7
- CVE, Research URL
- Application
- Date: Nov 03, 2023
- Research Description: CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce [woocommerce-catalog-enquiry] < 5.0.3. Product Catalog Enquiry <= 5.0.2 - Missing Authorization. The Product Catalog Mode For Woocommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to an improper capability check on the catalog_rest_routes_react_module REST endpoints in all versions up to 5.0.3 (exclusive). This makes it possible for unauthenticated attackers to view data from admin tabs and save enquiries.
- Affected versions: max 5.0.3.
- Status: vulnerable