Cross-site Scripting Vulnerability in WooCommerce Plugin by Steve Truman

CVE-2026-24526

What is CVE-2026-24526?

A Cross-site Scripting (XSS) vulnerability exists in the Email Inquiry & Cart Options for WooCommerce plugin developed by Steve Truman. This issue arises from improper neutralization of user input during web page generation, which can lead to DOM-based XSS attacks. Attackers may exploit this flaw in versions prior to 3.4.3 of the plugin, potentially allowing unauthorized users to execute arbitrary scripts in the context of a user's browser session, compromising the security of user data and overall website integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References