Lucene search
+L

4 matches found

Nuclei
Nuclei
added 9 hours ago206 views

WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting

WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials an...

6.1CVSS5.8AI score0.01555EPSS
Exploits1References4
OSV
OSV
added 2021/11/23 8:15 p.m.5 views

CVE-2021-24875

The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS5.8AI score0.01555EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/11/23 7:16 p.m.26 views

CVE-2021-24875 eCommerce Product Catalog for WordPress < 3.0.39 - Reflected Cross-Site Scripting

The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.3AI score0.01555EPSS
Exploits1References1
CVE
CVE
added 2021/11/23 7:16 p.m.78 views

CVE-2021-24875

The CVE-2021-24875 entry concerns the WordPress plugin “eCommerce Product Catalog” (for WordPress) prior to version 3.0.39. Affected functionality is the ic-settings-search parameter not being escaped when echoed into an HTML attribute, causing a Reflected Cross-Site Scripting (XSS) vulnerability...

6.1CVSS6.1AI score0.01555EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder