CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-catalog-enquiry

WooCommerce Catalog Mode, product enquiry, and request a quote plugin. Hide prices, disable cart, and collect enquiries easily.

6K active installs · v6.0.8 · PHP 8.0+ · WP 6.4+ · Updated Dec 5, 2025
Tags: b2b, product-catalog-mode, product-enquiry-for-woocommerce, request-a-quote, wholesale-pricing
Score: 96 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Feb 20, 2024
Safety Verdict

Is CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce Safe to Use in 2026?

Generally Safe

Score 96/100

CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEs · Last CVE: Feb 20, 2024 · Updated 5mo ago
Risk Assessment

The 'woocommerce-catalog-enquiry' plugin version 6.0.8 presents a mixed security posture. The static analysis shows no dangerous functions or critical taint flows, and there are no currently unpatched CVEs, but several areas raise concerns.

The significant number of unprotected AJAX handlers (4 out of 4) represents a substantial attack surface, making it easier for unauthenticated users to trigger potentially sensitive actions. The code analysis also indicates that only 63% of outputs are properly escaped, suggesting a risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully. Only 24% of SQL queries use prepared statements, a weakness that could lead to SQL injection if inputs are not meticulously sanitized elsewhere.

The plugin's vulnerability history is a significant red flag, with 5 known CVEs, including one critical and one high, covering common issues like CSRF, XSS, missing authorization, and unrestricted file uploads. While these are reported as patched, the recurrence of these vulnerability types indicates a pattern of insecure coding practices that requires ongoing vigilance. The last vulnerability dates from February 2024, which suggests that while recent fixes have occurred, the underlying architectural issues may still persist.

Key Concerns

  • Unprotected AJAX handlers (4/4)
  • Low percentage of prepared SQL statements (24%)
  • Moderate percentage of properly escaped output (63%)
  • No nonce checks
  • Previous critical CVE history (1)
  • Previous high CVE history (1)
  • Previous medium CVE history (3)
Vulnerabilities
5 published

CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce Security Vulnerabilities

CVEs by Year

2017: 1 CVE
2023: 3 CVEs
2024: 1 CVE

Severity Breakdown

Critical: 1
High: 1
Medium: 3

5 total CVEs

CVE-2024-25929 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Product Catalog Enquiry for WooCommerce by MultiVendorX <= 5.0.5 - Cross-Site Request Forgery via REST API

Feb 20, 2024 Patched in 5.0.6 (4d)

CVE-2023-5348 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Catalog Mode For WooCommerce <= 5.0.2 - Unauthenticated Stored Cross-Site Scripting

Nov 21, 2023 Patched in 5.0.3 (63d)

CVE-2023-50899 · medium · 6.5 · Missing Authorization

Product Catalog Enquiry <= 5.0.2 - Missing Authorization

Nov 3, 2023 Patched in 5.0.3 (81d)

Product Catalog Mode For Woocommerce <= 5.0.2 - Missing Authorization

Nov 3, 2023 Patched in 5.0.3 (81d)

CVE-2017-18592 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

WC Catalog Enquiry <= 3.0.5 - Arbitrary File Upload

Apr 20, 2017 Patched in 3.1.0 (2469d)
Version History

CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce Release Timeline

v6.0.8 (Current)
v6.0.7
v6.0.6
v6.0.5
v6.0.4
v6.0.3
v6.0.2
v6.0.1
v6.0.0
v5.0.12
v5.0.11
v5.0.10
v5.0.9
v5.0.8
v5.0.7
v5.0.6
v5.0.5 (1 CVE)
v5.0.4 (1 CVE)
v5.0.3 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 13; prepared: 4
Unescaped Output: 57; escaped: 98
Nonce Checks: 0
Capability Checks: 5
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

24% prepared · 17 total queries

Output Escaping

63% escaped · 155 total outputs
Attack Surface
4 unprotected

CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce Attack Surface

Entry Points: 7
Unprotected: 4

AJAX Handlers 4

auth · wp_ajax_add_variation_for_enquiry_mail · modules\Enquiry\Ajax.php:17
nopriv · wp_ajax_add_variation_for_enquiry_mail · modules\Enquiry\Ajax.php:18
auth · wp_ajax_quote_added_in_list · modules\Quote\Ajax.php:18
nopriv · wp_ajax_quote_added_in_list · modules\Quote\Ajax.php:19

Shortcodes 3

[catalogx_request_quote] classes\Shortcode.php:18
[catalogx_enquiry_button] modules\Enquiry\Frontend.php:39
[catalogx_quote_button] modules\Quote\Frontend.php:30
WordPress Hooks 68

action · admin_menu · classes\Admin.php:15
action · admin_enqueue_scripts · classes\Admin.php:16
action · load_script_textdomain_relative_path · classes\Admin.php:18
filter · block_categories_all · classes\Block.php:20
action · init · classes\Block.php:22
action · enqueue_block_assets · classes\Block.php:24
action · before_woocommerce_init · classes\CatalogX.php:39
action · woocommerce_loaded · classes\CatalogX.php:40
action · plugins_loaded · classes\CatalogX.php:41
filter · woocommerce_email_classes · classes\CatalogX.php:42
action · init · classes\CatalogX.php:44
action · in_plugin_update_message-woocommerce-catalog-enquiry/Woocommerce_Catalog_Enquiry.php · classes\CatalogX.php:46
filter · plugin_row_meta · classes\CatalogX.php:76
action · init · classes\CatalogX.php:81
action · admin_notices · classes\CatalogX.php:192
action · init · classes\Core\QuoteCart.php:26
action · wp_loaded · classes\Core\QuoteCart.php:27
action · wp · classes\Core\QuoteCart.php:28
action · shutdown · classes\Core\QuoteCart.php:29
action · quote_clean_cron · classes\Core\QuoteCart.php:30
action · wp_loaded · classes\Core\QuoteCart.php:31
action · woocommerce_cleanup_sessions · classes\Core\Session.php:74
action · shutdown · classes\Core\Session.php:75
action · wp_logout · classes\Core\Session.php:76
action · clear_auth_cookie · classes\Core\Session.php:77
action · woocommerce_thankyou · classes\Core\Session.php:79
action · init · classes\Frontend.php:18
action · wp · classes\Frontend.php:19
action · wp_enqueue_scripts · classes\Frontend.php:21
action · woocommerce_product_meta_end · classes\Frontend.php:61
action · woocommerce_after_add_to_cart_button · classes\Frontend.php:64
action · woocommerce_before_add_to_cart_form · classes\Frontend.php:67
action · woocommerce_single_product_summary · classes\Frontend.php:70
action · woocommerce_single_product_summary · classes\Frontend.php:73
filter · woocommerce_show_variation_price · classes\Frontend.php:98
filter · woocommerce_get_price_html · classes\Frontend.php:102
filter · woocommerce_short_description · classes\Frontend.php:109
filter · render_block_core/post-excerpt · classes\Frontend.php:110
action · wp_enqueue_scripts · classes\FrontendScripts.php:18
action · shutdown · classes\Modules.php:238
action · rest_api_init · classes\Rest.php:20
action · admin_menu · classes\SetupWizard.php:20
action · admin_enqueue_scripts · classes\SetupWizard.php:21
filter · woocommerce_product_data_tabs · modules\Catalog\Admin.php:21
action · woocommerce_product_data_panels · modules\Catalog\Admin.php:22
action · woocommerce_process_product_meta · modules\Catalog\Admin.php:23
action · template_redirect · modules\Catalog\Frontend.php:21
action · display_shop_page_description_box · modules\Catalog\Frontend.php:24
filter · woocommerce_get_price_html · modules\Catalog\Frontend.php:27
filter · woocommerce_loop_add_to_cart_link · modules\Catalog\Frontend.php:29
action · woocommerce_single_product_summary · modules\Catalog\Frontend.php:31
action · woocommerce_product_meta_end · modules\Catalog\Frontend.php:165
action · woocommerce_product_meta_start · modules\Catalog\Frontend.php:169
action · woocommerce_single_product_summary · modules\Catalog\Frontend.php:172
action · woocommerce_single_product_summary · modules\Catalog\Frontend.php:175
action · woocommerce_after_shop_loop_item · modules\Enquiry\Frontend.php:28
action · display_shop_page_button · modules\Enquiry\Frontend.php:31
action · woocommerce_single_product_summary · modules\Enquiry\Frontend.php:34
action · wp_enqueue_scripts · modules\Enquiry\Frontend.php:36
action · display_shop_page_button · modules\Enquiry\Frontend.php:129
action · rest_api_init · modules\Enquiry\Rest.php:18
action · init · modules\Quote\Admin.php:17
filter · wc_order_statuses · modules\Quote\Admin.php:18
filter · wc_order_is_editable · modules\Quote\Admin.php:19
action · display_shop_page_button · modules\Quote\Frontend.php:25
action · woocommerce_after_shop_loop_item · modules\Quote\Frontend.php:26
action · wp_enqueue_scripts · modules\Quote\Frontend.php:27
action · rest_api_init · modules\Quote\Rest.php:17

Scheduled Events 1

quote_clean_cron
Maintenance & Trust

CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Dec 5, 2025
PHP min version: 8.0
Downloads: 363K

Community Trust

Rating: 84/100
Number of ratings: 60
Active installs: 6K
Developer Profile

CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce Developer Profile

MultiVendorX

5 plugins · 13K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 271 days
Detection Fingerprints

How We Detect CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-catalog-enquiry/assets/css/admin.css
/wp-content/plugins/woocommerce-catalog-enquiry/assets/js/admin.js
Script Paths
/wp-content/plugins/woocommerce-catalog-enquiry/assets/js/admin.js
Version Parameters
woocommerce-catalog-enquiry/assets/css/admin.css?ver=
woocommerce-catalog-enquiry/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
admin-main-wrapper
Data Attributes
data-setting-id
JS Globals
CatalogX