cleantalk
Vulnerabilities and Security Researches

Product Enquiry for WooCommerce, WooCommerce product catalog, CVE-2024-8922

CVE, Research URL

CVE-2024-8922

Home page URL

Security reports for Product Enquiry for WooCommerce, WooCommerce product catalog

Application

Product Enquiry for WooCommerce, WooCommerce product catalog

Published on
Sep 27, 2024
Research Description
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions
Min -, max 2.2.33.34.
Status
vulnerable
Previous vulnerability researches
Product Enquiry for WooCommerce, WooCommerce product catalog (CVE-2024-8922) , Sep 28, 2024
Product Enquiry for WooCommerce, WooCommerce product catalog (CVE-2023-29170) , Jun 07, 2024
New vulnerability
Google Map Targeting (CVE-2025-52732) , Aug 04, 2025
WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin (CVE-2025-8152) , Aug 04, 2025
One Click Demo Import , Aug 04, 2025
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025