Ultimate Product Catalog Security Vulnerabilities and Issues — Ultimate Product Catalog CVE List

Lucene search

EtoilewebdesignUltimate Product Catalog

4 matches found

CVE•added 2023/06/27 2:15 p.m.•48 views

CVE-2023-2711

The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8CVSS4.6AI score0.00112EPSS

CVE•added 2022/02/07 4:15 p.m.•47 views

CVE-2021-24993

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example

6.5CVSS6.5AI score0.0014EPSS

CVE•added 2017/08/02 5:29 a.m.•35 views

CVE-2017-12199

The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category...

9.8CVSS9.9AI score0.01961EPSS

CVE•added 2017/08/02 5:29 a.m.•33 views

CVE-2017-12200

The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.

6.1CVSS6AI score0.00266EPSS