Whole Enquiry Cart For Woocommerce CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Idealwebdesignlk Subscriptions

Filtered by product Whole Enquiry Cart For Woocommerce Subscriptions

Search

Switch to Advanced Search (Beta)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-2838	2 Idealwebdesignlk, Wordpress	2 Whole Enquiry Cart For Woocommerce, Wordpress	2026-04-08	4.4 Medium
The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowhole_success_msg’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Page 1 of 1.