2 matches found
CVE-2017-12199
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogueupdateorder list-item, videoupdateorder video-item, imageupdateorder list-item, taggroupupdateorder listitem, categoryproductsupdateorder...
CVE-2017-12199
The CVE-2017-12199 entry documents a SQL injection in the WordPress plugin Etoile Ultimate Product Catalog (version 4.2.11). The vulnerability arises via multiple wp-admin/admin-ajax.php POST actions (catalogue_update_order, list-item, video_update_order, image_update_order, tag_group_update_orde...