31 matches found

NVD
added 2026/05/20 2:16 a.m. | 7 views

CVE-2026-8418

The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gccrud function which handles the delete action (action=delete) via a GET request without any wp_verify_nonce /...

4.3 CVSS | 0.00016 EPSS
Exploits 0 | References 7
EUVD
added 2026/05/20 1:25 a.m. | 6 views

EUVD-2026-31014

The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gccrud function which handles the delete action (action=delete) via a GET request without any wp_verify_nonce /...

4.3 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 7
ATTACKERKB
added 2026/05/20 1:25 a.m. | 4 views

CVE-2026-8418

The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gccrud function which handles the delete action (action=delete) via a GET request without any wp_verify_nonce /...

4.3 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 8
Positive Technologies
added 2026/05/20 12:0 a.m. | 10 views

PT-2026-42076

Name of the Vulnerable Software and Affected Versions: Games Catalog versions prior to 1.2.1. Description: The Games Catalog plugin for WordPress is susceptible to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs because...

4.3 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits 0 | References 10
OSSF Malicious Packages
added 2026/03/18 12:40 p.m. | 2 views

Malicious code in backstage-plugin-wpe-catalog (npm)

Source: amazon-inspector 8ba337d37ef9344a2df43beb88ffec3f1061cba440eb4c4ed69798da6f3122b5 The package backstage-plugin-wpe-catalog was found to contain malicious code...

5.8 AI score
Exploits 0
Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress PDF Catalog for WooCommerce plugin <= 1.1.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin PDF Catalog for WooCommerce versions <= 1.1.18...

5.4 CVSS | 5.3 AI score | 0.00024 EPSS
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-46179

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00077 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 5:13 a.m. | 12 views

CVE-2023-41687

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions...

6.5 CVSS | 5.6 AI score | 0.00077 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 5:0 a.m. | 6 views

CVE-2023-51688

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26...

7.5 CVSS | 7.8 AI score | 0.00693 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 7:24 p.m. | 7 views

CVE-2021-24875

The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.1 CVSS | 6.1 AI score | 0.21091 EPSS
Exploits 1 | References 1
Vulnrichment
added 2024/12/21 7:2 a.m. | 4 views

CVE-2024-12771 eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for...

8.8 CVSS | 6.5 AI score | 0.00206 EPSS
Exploits 0 | References 4
CVE
added 2024/12/21 7:2 a.m. | 47 views

CVE-2024-12771

CVE-2024-12771 affects the eCommerce Product Catalog Plugin for WordPress. It is a CSRF vulnerability caused by missing nonce validation in customer_panel_password_reset, enabling unauthenticated attackers to reset the password of any administrator or customer account via a forged request if the ...

8.8 CVSS | 8.5 AI score | 0.00206 EPSS
Exploits 0 | References 4
NVD
added 2024/11/29 7:15 p.m. | 16 views

CVE-2024-53983

The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The vulnerability allows an...

5.4 CVSS | 0.00153 EPSS
Exploits 0 | References 2
Cvelist
added 2024/11/29 6:53 p.m. | 19 views

CVE-2024-53983 Server-side request forgery in Backstage Scaffolder plugin

The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The vulnerability allows an...

5.4 CVSS | 0.00153 EPSS
Exploits 0 | References 2
Vulnrichment
added 2024/04/15 9:27 a.m. | 12 views

CVE-2024-31921 WordPress Ultimate Product Catalog plugin <= 5.2.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue. This issue affects Ultimate Product Catalogue: from n/a through 5.2.15...

4.3 CVSS | 5.1 AI score | 0.00177 EPSS
Exploits 0 | References 1
OSV
added 2023/12/04 10:15 p.m. | 0 views

CVE-2023-5979

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products...

6.5 CVSS | 5.8 AI score
Exploits 0 | References 1
NVD
added 2023/11/23 12:15 a.m. | 8 views

CVE-2023-47839

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions...

6.5 CVSS | 0.0017 EPSS
Exploits 0 | References 1
Cvelist
added 2023/11/22 11:22 p.m. | 16 views

CVE-2023-47839 WordPress eCommerce Product Catalog Plugin <= 3.3.26 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions...

6.5 CVSS | 6.8 AI score | 0.0017 EPSS
Exploits 0 | References 1
OSV
added 2023/09/29 2:15 p.m. | 1 views

CVE-2023-41687

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions...

5.4 CVSS | 5.8 AI score
Exploits 0 | References 1
Vulnrichment
added 2023/09/29 1:51 p.m. | 11 views

CVE-2023-41687 WordPress Goods Catalog Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions...

6.5 CVSS | 5.6 AI score | 0.00077 EPSS
Exploits 0 | References 1