[-] Title : Product Enquiry for WooCommerce Plugin - Cross-Site Scripting
[-] Author : Ashkan Moghaddas
[-] Vendor : https://wordpress.org/plugins/product-enquiry-for-woocommerce/
[-] Category : Webapps
[-] Date : 07.4.2018
[-] Google Dork: N/A
Vulnerable page :
/product-enquiry-for-woocommerce.php
Vulnerable Source :
Line1075: echo "." . $id;
Line1050: $id = $_POST['id'];
POC :
http://localhost/product-enquiry-for-woocommerce.php?id=[XSS]
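Added example, not taken from the plugin or from the author of this advisory: the source-to-sink flow shown above next to a hardened form that HTML-encodes the value before output. The function names and the sample input are constructed for illustration.

```php
<?php
// Added example; not the plugin's code. Function names are hypothetical.

// Pattern reported in the advisory: a request value is echoed unchanged.
function render_id_unsafe(array $post): string
{
    $id = $post['id'] ?? '';
    return "." . $id;   // request-supplied markup reaches the page as HTML
}

// Hardened form: treat the value as text and encode it for an HTML body context.
function render_id_safe(array $post): string
{
    $id = $post['id'] ?? '';
    if (!is_string($id)) {
        // id[]=... arrives as an array; refuse anything that is not a string.
        return ".";
    }
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of making the function return an empty string.
    return "." . htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$sample = ['id' => '"><b>probe</b>'];

echo render_id_unsafe($sample), PHP_EOL; // markup passes through untouched
echo render_id_safe($sample), PHP_EOL;   // markup is rendered as inert text
```

Inside WordPress, esc_html() is the conventional encoder for this context, and absint() applies if the id is meant to be numeric (an assumption; the advisory does not say).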
================================
WebSite : UltraSec.Org
Channel : @UltraSecurity
Email : ashkanmoghaddas77@gmail.com
Special Thanks : abolfazl hajizade , MrQadir , Milad Ranjbar