WordPress Plugin Vulnerabilities

Product Enquiry for WooCommerce < 3.1 - Unauthenticated Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
gm-woocommerce-quote-popup
Fixed in 3.1

References

CVE
CVE-2023-47696
URL
https://patchstack.com/database/vulnerability/gm-woocommerce-quote-popup/wordpress-product-enquiry-for-woocommerce-plugin-3-0-cross-site-scripting-xss-vulnerability-2

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
da21a6ca-01ac-41d4-8a2d-7e7ef7e23adc

Timeline

Publicly Published
2023-11-07 (about 2 years ago)
Added
2023-11-16 (about 2 years ago)
Last Updated
2023-12-28 (about 2 years ago)

Other

Published
Title
Published
2025-10-11
Title
Togo < 1.0.4 - Reflected Cross-Site Scripting
Published
2024-10-22
Title
WP Shortcodes Plugin — Shortcodes Ultimate < 7.3.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Published
2024-11-25
Title
Prisna GWT < 1.4.14 - Admin+ Stored XSS
Published
2025-09-22
Title
Library Bookshelves <= 5.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-12-06
Title
WP-Ban < 1.69.1 - Admin+ Stored XSS