PiWeb Product Enquiry or product catalog for WooCommerce Security & Risk Analysis

wordpress.org/plugins/enquiry-quotation-for-woocommerce

Product enquiry for WooCommerce and quote request plugin that can save enquiries and email the WooCommerce product enquiry as well

1K active installs · v2.2.34.36 · PHP + WP 3.0.1+ · Updated Mar 30, 2026
Tags: product-enquiry-for-woocommerce, product-inquiry-for-woocommerce, woocommerce-catalog, woocommerce-enquiry, woocommerce-inquiry
Score: 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Sep 26, 2024
Safety Verdict

Is PiWeb Product Enquiry or product catalog for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

PiWeb Product Enquiry or product catalog for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Sep 26, 2024 · Updated 1mo ago
Risk Assessment

The 'enquiry-quotation-for-woocommerce' plugin v2.2.34.34 exhibits a mixed security posture. While it demonstrates strengths in SQL query handling with 100% prepared statements and a high percentage of properly escaped output, significant concerns arise from its attack surface and vulnerability history. A substantial 14 out of 16 entry points, specifically AJAX handlers, lack authentication checks, exposing them to potential unauthorized access and manipulation.

The static analysis also flags the presence of the `unserialize` function, a known vector for deserialization vulnerabilities if not handled with extreme caution and proper input validation. Although no critical or high severity taint flows were identified in the static analysis, the flow with an unsanitized path remains a potential concern for input validation weaknesses. The plugin's history of two known CVEs, one high and one medium severity, involving deserialization and cross-site scripting, reinforces the importance of robust input sanitization and output escaping practices.

In conclusion, the plugin has made positive strides in secure coding practices like prepared statements and output escaping. However, the numerous unprotected AJAX endpoints, combined with the historical presence of critical vulnerability types and the use of `unserialize`, present a significant risk. The absence of unpatched CVEs is a positive sign, suggesting recent attention to security, but the underlying architectural weaknesses in exposed entry points warrant careful consideration and remediation.

Key Concerns

  • 14 AJAX handlers without auth checks
  • Dangerous function: unserialize
  • Flow with unsanitized paths
  • Vulnerability history: 1 high severity CVE
  • Vulnerability history: 1 medium severity CVE
  • No capability checks
Vulnerabilities
2 published

PiWeb Product Enquiry or product catalog for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023
1 CVE in 2024

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2024-8922 · high · 8.8 · Deserialization of Untrusted Data

Product Enquiry for WooCommerce <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.php

Sep 26, 2024 Patched in 2.2.33.34 (1d)
CVE-2023-29170 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Enquiry for WooCommerce <= 2.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting

Apr 3, 2023 Patched in 2.2.13 (295d)
Version History

PiWeb Product Enquiry or product catalog for WooCommerce Release Timeline

v2.2.34.36 (Current)
v2.2.34.34
v2.2.34.33
v2.2.34.32
v2.2.34.31
v2.2.34.30
v2.2.34.29
v2.2.34.27
v2.2.34.26
v2.2.34.24
v2.2.34.23
v2.2.34.22
v2.2.34.21
v2.2.34.20
v2.2.34.19
v2.2.34.17
v2.2.34.16
v2.2.34.14
v2.2.34.13
v2.2.34.12
Code Analysis
Analyzed Mar 16, 2026

PiWeb Product Enquiry or product catalog for WooCommerce Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 23 (496 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `<?php $pi_products_info = unserialize(get_post_meta($enquiry->ID, 'pi_products_info', true), ['allow` · admin\partials\enquiry_detail.php:34
unserialize · `return is_serialized($pi_products_info) ? @unserialize($pi_products_info, ['allowed_classes' => fals` · includes\conflict-fixer.php:42
unserialize · `$meta_data['pi_products_info'] = unserialize(get_post_meta($enq_id, 'pi_products_info', true));` · public\class-webhook.php:40

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

96% escaped · 519 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

8 flows · 1 with unsanitized paths
handle_tracker_action (admin\class-analytics.php:85)
Attack Surface
14 unprotected

PiWeb Product Enquiry or product catalog for WooCommerce Attack Surface

Entry Points: 16
Unprotected: 14

AJAX Handlers 14

auth · wp_ajax_pi_enq_generate_captcha · includes\class-php-captcha.php:56
nopriv · wp_ajax_pi_enq_generate_captcha · includes\class-php-captcha.php:57
auth · wp_ajax_pi_enq_refresh_captcha · includes\class-php-captcha.php:58
nopriv · wp_ajax_pi_enq_refresh_captcha · includes\class-php-captcha.php:59
auth · wp_ajax_pi_get_cart_json · public\class-enq-dynamic-cart.php:27
nopriv · wp_ajax_pi_get_cart_json · public\class-enq-dynamic-cart.php:28
auth · wp_ajax_pi_add_to_enquiry · public\class-eqw-enquiry-cart.php:8
nopriv · wp_ajax_pi_add_to_enquiry · public\class-eqw-enquiry-cart.php:9
auth · wp_ajax_pi_remove_product · public\class-eqw-enquiry-cart.php:12
nopriv · wp_ajax_pi_remove_product · public\class-eqw-enquiry-cart.php:13
auth · wp_ajax_pi_update_products · public\class-eqw-enquiry-cart.php:16
nopriv · wp_ajax_pi_update_products · public\class-eqw-enquiry-cart.php:17
auth · wp_ajax_get_cart_on_load · public\class-eqw-enquiry-shortcode.php:13
nopriv · wp_ajax_get_cart_on_load · public\class-eqw-enquiry-shortcode.php:14

Shortcodes 2

[pisol_enquiry_cart] public\class-eqw-enquiry-shortcode.php:10
[enquiry_cart] public\class-eqw-enquiry-shortcode.php:12
WordPress Hooks 55
action · admin_enqueue_scripts · admin\class-analytics.php:34
action · admin_footer-plugins.php · admin\class-analytics.php:35
action · admin_notices · admin\class-analytics.php:38
filter · safe_style_css · admin\class-analytics.php:42
action · init · admin\class-eqw-advance.php:24
action · init · admin\class-eqw-cart.php:22
action · init · admin\class-eqw-email.php:24
action · admin_notices · admin\class-eqw-email.php:39
action · init · admin\class-eqw-enquiry.php:17
action · init · admin\class-eqw-enquiry.php:18
action · add_meta_boxes · admin\class-eqw-enquiry.php:20
filter · manage_edit-pisol_enquiry_columns · admin\class-eqw-enquiry.php:22
action · manage_pisol_enquiry_posts_custom_column · admin\class-eqw-enquiry.php:24
action · init · admin\class-eqw-form-control.php:24
action · admin_menu · admin\class-eqw-menu.php:13
action · init · admin\class-eqw-option.php:23
action · woocommerce_product_data_tabs · admin\class-eqw-product-options.php:7
action · woocommerce_product_data_panels · admin\class-eqw-product-options.php:9
action · admin_init · admin\class-pisol-enquiry-quotation-woocommerce-admin.php:27
filter · display_post_states · admin\class-pisol-enquiry-quotation-woocommerce-admin.php:29
action · init · admin\class-telegram-options.php:23
filter · install_plugins_nonmenu_tabs · admin\plugins.php:38
action · admin_notices · includes\class-php-captcha.php:37
action · pi_eqw_add_captcha_field · includes\class-php-captcha.php:54
action · wp_enqueue_scripts · includes\class-php-captcha.php:61
action · plugins_loaded · includes\class-pisol-enquiry-quotation-woocommerce.php:144
action · admin_enqueue_scripts · includes\class-pisol-enquiry-quotation-woocommerce.php:159
action · admin_enqueue_scripts · includes\class-pisol-enquiry-quotation-woocommerce.php:160
action · wp_enqueue_scripts · includes\class-pisol-enquiry-quotation-woocommerce.php:175
action · wp_enqueue_scripts · includes\class-pisol-enquiry-quotation-woocommerce.php:176
action · admin_enqueue_scripts · includes\conflict-fixer.php:18
filter · get_post_metadata · includes\conflict-fixer.php:20
action · admin_footer · includes\pisol.class.form.php:415
action · admin_notices · includes\review.php:107
action · admin_notices · pisol-enquiry-quotation-woocommerce.php:44
action · admin_notices · pisol-enquiry-quotation-woocommerce.php:57
action · before_woocommerce_init · pisol-enquiry-quotation-woocommerce.php:65
action · phpmailer_init · public\class-email.php:32
action · wp_enqueue_scripts · public\class-enq-dynamic-cart.php:26
action · wc_ajax_pi_get_cart_json · public\class-enq-dynamic-cart.php:29
action · wp_footer · public\class-enq-dynamic-cart.php:31
action · wp_footer · public\class-enq-dynamic-cart.php:33
action · wp_loaded · public\class-enq-dynamic-cart.php:130
filter · woocommerce_is_purchasable · public\class-eqw-advance.php:12
filter · woocommerce_variable_sale_price_html · public\class-eqw-advance.php:19
filter · woocommerce_variable_price_html · public\class-eqw-advance.php:20
filter · woocommerce_get_price_html · public\class-eqw-advance.php:21
action · template_redirect · public\class-eqw-advance.php:25
action · wc_ajax_pi_add_to_enquiry · public\class-eqw-enquiry-cart.php:7
action · wc_ajax_pi_remove_product · public\class-eqw-enquiry-cart.php:11
action · wc_ajax_pi_update_products · public\class-eqw-enquiry-cart.php:15
action · wc_ajax_get_cart_on_load · public\class-eqw-enquiry-shortcode.php:15
action · woocommerce_single_product_summary · public\class-eqw-product.php:25
action · woocommerce_after_template_part · public\class-eqw-product.php:27
action · pisol_eqw_enquiry_saved · public\class-webhook.php:16
Maintenance & Trust

PiWeb Product Enquiry or product catalog for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 30, 2026
PHP min version
Downloads: 130K

Community Trust

Rating: 94/100
Number of ratings: 33
Active installs: 1K
Developer Profile

PiWeb Product Enquiry or product catalog for WooCommerce Developer Profile

PI Web Solution

33 plugins · 93K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 235 days
Detection Fingerprints

How We Detect PiWeb Product Enquiry or product catalog for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/enquiry-quotation-for-woocommerce/admin/css/bootstrap.css
/wp-content/plugins/enquiry-quotation-for-woocommerce/admin/js/pisol-quick-save.js
/wp-content/plugins/enquiry-quotation-for-woocommerce/admin/js/pisol-enquiry-quotation-woocommerce-admin.js
Version Parameters
pisol-enquiry-quotation-woocommerce/admin/css/bootstrap.css?ver=
pisol-enquiry-quotation-woocommerce/admin/js/pisol-quick-save.js?ver=
pisol-enquiry-quotation-woocommerce/admin/js/pisol-enquiry-quotation-woocommerce-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
pisol-setting-wrapper, pisol-container-wrapper, pisol-container, pisol-row, pisol-col-12, pisol-col-sm-2, pisol-col-sm-10
Data Attributes
id="pi-logo"
FAQ

Frequently Asked Questions about PiWeb Product Enquiry or product catalog for WooCommerce