cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11034,https://securityvulnerability.io/vulnerability/CVE-2024-11034,Arbitrary Shortcode Execution Vulnerability in Product Quotation Plugin,"The Get a Quote Button for WooCommerce plugin is susceptible to security risks due to the improper validation of AJAX action inputs. This vulnerability allows unauthenticated users to execute arbitrary shortcodes by leveraging the fire_contact_form AJAX action, which does not adequately sanitize input before processing. Consequently, attackers can exploit this weakness in all versions up to and including 1.4, potentially leading to the execution of malicious shortcodes and the compromise of site integrity.",Wordpress,Request A Quote For WooCommerce And Elementor – Get A Quote Button – Product Enquiry Form Popup – Product Quotation,7.3,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-23T12:15:00.000Z,0
CVE-2024-8922,https://securityvulnerability.io/vulnerability/CVE-2024-8922,WooCommerce Product Catalog Plugin Vulnerable to PHP Object Injection,"The WooCommerce Product Enquiry plugin for WordPress is susceptible to a PHP Object Injection vulnerability due to deserialization of untrusted input in the enquiry_detail.php file. This vulnerability impacts all versions up to and including 2.2.33.32. Authenticated attackers with Author-level access or higher can exploit this weakness by injecting a PHP Object. Although no known PHP Object Pollution (POP) chain exists in the vulnerable software, it poses risks if a POP chain is introduced through additional plugins or themes on the target site. Exploitation could enable attackers to delete arbitrary files, retrieve sensitive information, or execute malicious code, thereby compromising the security of WordPress installations.",Wordpress,"Product Enquiry For WooCommerce, WooCommerce Product Catalog",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2024-09-27T05:31:03.421Z,0
CVE-2024-3964,https://securityvulnerability.io/vulnerability/CVE-2024-3964,WooCommerce Plugin Bug Exposes Stored Cross-Site Scripting Vulnerability,"The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Product Enquiry For WooCommerce,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:05.478Z,0
CVE-2023-6626,https://securityvulnerability.io/vulnerability/CVE-2023-6626,Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS,"The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Product Enquiry for WooCommerce,4.8,MEDIUM,0.0005200000014156103,false,,false,false,true,true,false,false,2024-01-22T19:14:28.393Z,0
CVE-2023-6625,https://securityvulnerability.io/vulnerability/CVE-2023-6625,Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF,"The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack",Wordpress,Product Enquiry for WooCommerce,4.3,MEDIUM,0.000539999979082495,false,,false,false,true,true,false,false,2024-01-22T19:14:24.183Z,0
CVE-2023-7151,https://securityvulnerability.io/vulnerability/CVE-2023-7151,Product Enquiry for WooCommerce < 3.2 - Reflected XSS,"The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Product Enquiry for WooCommerce,6.1,MEDIUM,0.000539999979082495,false,,false,false,true,true,false,false,2024-01-16T15:57:52.755Z,0