Lucene search
K
EtoilewebdesignUltimate Product Catalog

4 matches found

CVE
CVE
added 2022/02/07 3:47 p.m.63 views

CVE-2021-24993

The Ultimate Product Catalog WordPress plugin is affected pre-5.0.26 by missing authorization and CSRF checks in certain AJAX actions, allowing any authenticated user (e.g., a subscriber) to add arbitrary products or alter settings. Mitigation: update to version 5.0.26 or later; a PoC exists show...

6.5CVSS6.5AI score0.00469EPSS
Web
CVE
CVE
added 2023/06/27 1:17 p.m.63 views

CVE-2023-2711

The CVE-2023-2711 entry concerns the Ultimate Product Catalog WordPress plugin (prior to 5.2.6). The vulnerability arises because some settings are not properly sanitised/escaped, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (including multisi...

4.8CVSS4.6AI score0.00501EPSS
CVE
CVE
added 2017/08/02 5:0 a.m.51 views

CVE-2017-12199

The CVE-2017-12199 entry documents a SQL injection in the WordPress plugin Etoile Ultimate Product Catalog (version 4.2.11). The vulnerability arises via multiple wp-admin/admin-ajax.php POST actions (catalogue_update_order, list-item, video_update_order, image_update_order, tag_group_update_orde...

9.8CVSS9.9AI score0.01828EPSS
Web
CVE
CVE
added 2017/08/02 5:0 a.m.44 views

CVE-2017-12200

The CVE-2017-12200 entry concerns the WordPress plugin Etoile Ultimate Product Catalog (version 4.2.11). A cross-site scripting (XSS) vulnerability exists in the Add Product Manually component, enabling a remote attacker to inject arbitrary web script or HTML. Details across sources confirm the a...

6.1CVSS6AI score0.00923EPSS