FS Product Inquiry Security & Risk Analysis

wordpress.org/plugins/fs-product-inquiry

FS Product Inquiry Plugin is useful for the product inquiry that looks great and keeps your site loading fast.

0 active installs · v1.1.1 · PHP 5.6+ · WP 4.7+ · Updated Apr 12, 2021
Tags: product-inquiry, products-info
Score: 43 · D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: May 14, 2024
Safety Verdict

Is FS Product Inquiry Safe to Use in 2026?

High Risk

Score 43/100

FS Product Inquiry carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: May 14, 2024 · Updated 4yr ago
Risk Assessment

The "fs-product-inquiry" plugin v1.1.1 presents a mixed security posture with several concerning findings despite some good practices. While the absence of dangerous functions and the use of prepared statements for SQL queries are positive indicators, the significant number of unprotected AJAX handlers (4 out of 4) and the complete lack of nonce and capability checks on these entry points are major security liabilities. The taint analysis showing a high percentage of flows with unsanitized paths, although not reaching critical or high severity, suggests a potential for subtle input validation issues that could be exploited.

The plugin's vulnerability history is a significant concern, with two known medium severity CVEs, both currently unpatched. The recurring nature of Cross-Site Scripting vulnerabilities indicates a pattern of inadequate input sanitization and output escaping, especially considering that only 37% of outputs are properly escaped. This, combined with the unprotected AJAX handlers, creates a fertile ground for XSS attacks that could compromise user sessions or inject malicious content.

In conclusion, while the plugin demonstrates some secure coding practices like prepared SQL statements, the high number of unprotected entry points and the unpatched historical vulnerabilities, particularly XSS, outweigh these strengths. The risk assessment points to a medium to high-risk profile, requiring immediate attention to secure the AJAX handlers and address the underlying causes of past vulnerabilities.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks on AJAX
  • Missing capability checks
  • Unescaped output
  • Unpatched CVEs (2 x medium)
  • Flows with unsanitized paths
Vulnerabilities
2

FS Product Inquiry Security Vulnerabilities

CVEs by Year

2 CVEs in 2024 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-4857 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FS Product Inquiry <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting

May 14, 2024 · Unpatched

CVE-2024-4856 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FS Product Inquiry <= 1.1.1 - Reflected Cross-Site Scripting

May 14, 2024 · Unpatched
Code Analysis
Analyzed Mar 17, 2026

FS Product Inquiry Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 138 (80 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

jQuery

Output Escaping

37% escaped · 218 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

8 flows · 7 with unsanitized paths
fspi_get_inquiry_attribute (includes\class-fs-products.php:69)
Attack Surface
4 unprotected

FS Product Inquiry Attack Surface

Entry Points: 6
Unprotected: 4

AJAX Handlers 4

  • nopriv · wp_ajax_fspi_get_inquiry_attribute · includes\class-fs-products.php:31
  • auth · wp_ajax_fspi_get_inquiry_attribute · includes\class-fs-products.php:32
  • nopriv · wp_ajax_fspi_ck_loopul · includes\class-fs-products.php:33
  • auth · wp_ajax_fspi_ck_loopul · includes\class-fs-products.php:34

Shortcodes 2

[fspi-show-products-list] includes\class-fs-products.php:18
[fspi-inquiry-form] includes\class-fs-setting-page.php:19
WordPress Hooks 17
  • action · admin_menu · includes\class-fs-main-menu.php:15
  • action · init · includes\class-fs-main-menu.php:16
  • action · add_meta_boxes · includes\class-fs-main-menu.php:17
  • action · init · includes\class-fs-products.php:16
  • action · add_meta_boxes · includes\class-fs-products.php:20
  • action · save_post · includes\class-fs-products.php:21
  • filter · template_include · includes\class-fs-products.php:22
  • filter · taxonomy_template · includes\class-fs-products.php:23
  • action · init · includes\class-fs-products.php:24
  • action · comment_form_logged_in_after · includes\class-fs-products.php:26
  • action · comment_form_after_fields · includes\class-fs-products.php:27
  • action · wp_enqueue_scripts · includes\class-fs-products.php:28
  • action · comment_post · includes\class-fs-products.php:29
  • filter · comment_text · includes\class-fs-products.php:30
  • filter · posts_where · includes\class-fs-products.php:269
  • action · fspi_settings_tab · includes\class-fs-setting-page.php:16
  • action · fspi_settings_content · includes\class-fs-setting-page.php:17
Maintenance & Trust

FS Product Inquiry Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Apr 12, 2021
PHP min version: 5.6
Downloads: 949

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

FS Product Inquiry Developer Profile

Fudugo Solutions

3 plugins · 10 total installs

Trust score: 74
Avg Security Score: 71/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect FS Product Inquiry

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fs-product-inquiry/assets/admin/css/fspi-form.css
/wp-content/plugins/fs-product-inquiry/assets/admin/js/fspi-admin-script.js
Script Paths
/wp-content/plugins/fs-product-inquiry/assets/admin/js/fspi-admin-script.js
Version Parameters
fs-product-inquiry/assets/admin/css/fspi-form.css?ver=
fs-product-inquiry/assets/admin/js/fspi-admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
fspi-main-setting, fspi-form-group, fspi-form-lable, fspi-form-input
Data Attributes
name, value
JS Globals
FSProductInquiry, fspi_active_tab
Shortcode Output
[fspi-show-products-list]