WordPress Plugin Vulnerabilities

WooCommerce Product Enquiry <= 2.3.4 - Unauthenticated Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
woo-product-enquiry
No known fix

References

CVE
CVE-2023-32796

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Emili Castells
Verified
No
WPVDB ID
02794724-2a7e-4428-9479-829274ff3c1c

Timeline

Publicly Published
2023-11-08 (about 2 years ago)
Added
2023-11-17 (about 2 years ago)
Last Updated
2023-11-17 (about 2 years ago)

Other

Published
Title
Published
2023-08-17
Title
Extensions for Leaflet Map < 3.4.2 - Reflected XSS
Published
2024-06-06
Title
WP Visitors Tracker < 2.4 - Reflected Cross-Site Scripting
Published
2024-08-07
Title
Selection Lite < 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-03
Title
WP2LEADS < 3.4.3 - Reflected Cross-Site Scripting
Published
2018-12-13
Title
WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)