WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting

WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials an...

CVE-2026-52693

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

CVE-2026-52693 WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

CVE-2026-52693 WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin eCommerce Product Catalog versions = 3.5.5...

CVE-2025-14343

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025...

CVE-2025-63879

A reflected cross-site scripted XSS vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the id parameter...

EUVD-2024-30360

Malicious code in bioql PyPI...

EUVD-2024-30255

Malicious code in bioql PyPI...

EUVD-2021-34219

Malicious code in bioql PyPI...

CVE-2025-58786

CVE-2025-58786 refers to a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin Ibtana – Ecommerce Product Addons (versions up to 0.4.7.4). The issue arises from improper neutralization of input during web page generation, enabling DOM-Based XSS. Affected software: Ibtana – Ecomme...

CVE-2025-58786 WordPress Ibtana – Ecommerce Product Addons plugin <= 0.4.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VW THEMES Ibtana – Ecommerce Product Addons ibtana-ecommerce-product-addons allows DOM-Based XSS.This issue affects Ibtana – Ecommerce Product Addons: from n/a through = 0.4.7.6...

WordPress eCommerce Product Catalog plugin <= 3.4.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by mcdruid in WordPress Plugin eCommerce Product Catalog versions = 3.4.3...

CVE-2025-49331 WordPress eCommerce Product Catalog plugin <= 3.4.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through = 3.4.3...

CVE-2025-49331

CVE-2025-49331 affects the WordPress plugin eCommerce Product Catalog (versions

WordPress plugin eCommerce Product Catalog 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2025-25708 · Unknown · Ecommerce Product Catalog

Name of the Vulnerable Software and Affected Versions: eCommerce Product Catalog versions prior to 3.4.3 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in the impleCode eCommerce Product Catalog. Recommendations: For versions prior to 3.4.3,...

CVE-2023-51688

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26...

CVE-2023-5979

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products...

CVE-2024-32558

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in impleCode eCommerce Product Catalog allows Reflected XSS.This issue affects eCommerce Product Catalog: from n/a through 3.3.32...