CVE-2023-47512 – WordPress Product Enquiry for WooCommerce Plugin <= 3.0 is vulnerable to Cross Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2023-47512

07 Nov 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento WooCommerce de Gravity Master Product Enquiry versiones <=3.0. The Product Enquiry for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. ... • https://patchstack.com/database/vulnerability/gm-woocommerce-quote-popup/wordpress-product-enquiry-for-woocommerce-plugin-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •