WordPress Plugin Vulnerabilities

Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Inquiry Saving & Sensitive Information Disclosure

Description

The plugin is vulnerable to unauthorized access and modification of data due to an improper capability check on the catalog_rest_routes_react_module REST endpoints, allowing unauthenticated attackers to view data from admin tabs and save enquiries

Affects Plugins

Plugin icon
woocommerce-catalog-enquiry
Fixed in 5.0.3

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/03177018-94cb-4e14-9476-e2d369414c38

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Verified
No
WPVDB ID
c984b708-7fe3-4a13-a1c5-4d3a881ce31e

Timeline

Publicly Published
2023-11-03 (about 2 years ago)
Added
2024-01-03 (about 2 years ago)
Last Updated
2024-01-03 (about 2 years ago)

Other

Published
Title
Published
2026-02-19
Title
ShipTime: Discounted Shipping Rates <= 1.1.1 - Missing Authorization
Published
2024-05-09
Title
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler < 1.6.5 - Missing Authorization via Several AJAX Action
Published
2024-03-26
Title
Multiple Page Generator Plugin – MPG < 3.4.1 - Missing Authorization via mpg_get_log_by_project_id
Published
2025-11-17
Title
The Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update
Published
2025-04-01
Title
Zoho Flow < 2.13.4 - Missing Authorization