CVE-2024-3964

The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Configurations

Configuration 1 (hide)

cpe:2.3:a:wisdmlabs:product_enquiry_for_woocommerce:*:*:*:*:*:wordpress:*:*

History

13 May 2025, 13:48

Type Values Removed Values Added
First Time Wisdmlabs
Wisdmlabs product Enquiry For Woocommerce
CPE cpe:2.3:a:wisdmlabs:product_enquiry_for_woocommerce:*:*:*:*:*:wordpress:*:*
References () https://wpscan.com/vulnerability/ff468772-3e6a-439c-a4d7-94bd2ce1a964/ - () https://wpscan.com/vulnerability/ff468772-3e6a-439c-a4d7-94bd2ce1a964/ - Exploit, Third Party Advisory
CWE CWE-79

Information

Published : 2024-07-13 06:15

Updated : 2025-05-13 13:48


NVD link : CVE-2024-3964

Mitre link : CVE-2024-3964

CVE.ORG link : CVE-2024-3964


JSON object : View

Products Affected

wisdmlabs

  • product_enquiry_for_woocommerce
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')