← Back

Product Enquiry For Woocommerce

product_enquiry_for_woocommerce

Vendor: Piwebsolution • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Piwebsolution
1Product Enquiry For Woocommerce
Jun 17, 2026
Sep 27, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquir...Show more
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.Show less
2Gravitymaster
Piwebsolution
2Product Enquiry For Woocommerce
Product Enquiry For Woocommerce
Jun 17, 2026
Jan 16, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used a...Show more
The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
1Piwebsolution
1Product Enquiry For Woocommerce
Jun 17, 2026
Apr 7, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions.