WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting

WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials an...

CVE-2023-25049

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin = 3.3.4 versions...

CVE-2023-29388

Unauth. Reflected Cross-Site Scripting XSS vulnerability in impleCode Product Catalog Simple plugin = 1.6.17 versions...

CVE-2025-62061

Cross-Site Request Forgery CSRF vulnerability in impleCode Product Catalog Simple post-type-x.This issue affects Product Catalog Simple: from n/a through = 1.8.4...

EUVD-2023-32960

Malicious code in bioql PyPI...

EUVD-2025-28296

Malicious code in bioql PyPI...

EUVD-2025-30487

Malicious code in bioql PyPI...

EUVD-2024-30608

Malicious code in bioql PyPI...

EUVD-2025-17263

Malicious code in bioql PyPI...

EUVD-2024-30255

Malicious code in bioql PyPI...

EUVD-2023-56387

Malicious code in bioql PyPI...

CVE-2025-49331

Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through = 3.4.3...

CVE-2025-49305

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in impleCode Product Catalog Simple post-type-x allows Stored XSS.This issue affects Product Catalog Simple: from n/a through = 1.8.1...

CVE-2025-49305

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in impleCode Product Catalog Simple post-type-x allows Stored XSS.This issue affects Product Catalog Simple: from n/a through = 1.8.1...

PT-2025-24233 · Implecode · Implecode Product Catalog Simple

Name of the Vulnerable Software and Affected Versions: impleCode Product Catalog Simple versions 1.8.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that an attacker can...

CVE-2024-32437

Cross-Site Request Forgery CSRF vulnerability in impleCode eCommerce Product Catalog.This issue affects eCommerce Product Catalog: from n/a through 3.3.28...

CVE-2023-47839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin = 3.3.26 versions...

CVE-2023-51687

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple.This issue affects Product Catalog Simple: from n/a through 1.7.6...

CVE-2024-32822

Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4...

CVE-2024-32822

Technical details for CVE-2024-32822 are not provided in the supplied documents. No affected product/version or remediation details are disclosed here. Monitor for official advisories to obtain exact impact and fixes.