Lucene search
Implecode Ecommerce Product Catalog

8 matches found

CVE
added 2023/11/22 11:22 p.m., 101 views

CVE-2023-47839

CVE-2023-47839 affects the WordPress plugin eCommerce Product Catalog (

CVSS 6.5, AI score 5.7, EPSS 0.0017
CVE
added 2023/12/29 2:53 p.m., 79 views

CVE-2023-51688

CVE-2023-51688 affects the eCommerce Product Catalog Plugin for WordPress by impleCode. The vulnerability is described as Exposure of Sensitive Information to an Unauthorized Actor, specifically via CSV file exposure for versions up to 3.3.26. Wordfence indicates the issue is real and has a patch...

CVSS 7.5, AI score 7.8, EPSS 0.00693
CVE
added 2021/11/23 7:16 p.m., 73 views

CVE-2021-24875

The CVE-2021-24875 entry concerns the WordPress plugin “eCommerce Product Catalog” (for WordPress) prior to version 3.0.39. Affected functionality is the ic-settings-search parameter not being escaped when echoed into an HTML attribute, causing a Reflected Cross-Site Scripting (XSS) vulnerability...

CVSS 6.1, AI score 6.1, EPSS 0.21091
Web
CVE
added 2023/07/01 4:26 a.m., 61 views

CVE-2021-4393

The CVE-2021-4393 entry concerns the eCommerce Product Catalog Plugin for WordPress, where a Cross-Site Request Forgery flaw stems from missing/incorrect nonce validation in the plugin’s save() function. Affected are versions up to 3.0.17. This allows unauthenticated attackers to forge requests t...

CVSS 4.3, AI score 4.2, EPSS 0.00138
CVE
added 2023/04/07 11:12 a.m., 59 views

CVE-2023-25049

CVE-2023-25049 affects the WordPress plugin “impleCode eCommerce Product Catalog Plugin for WordPress” (versions ≤ 3.3.4). The vulnerability is an authenticated (admin+) Stored Cross-Site Scripting (XSS) issue. Public sources in connected documents consistently describe the flaw as an XSS due to ...

CVSS 5.9, AI score 5, EPSS 0.00298
CVE
added 2023/07/01 4:26 a.m., 51 views

CVE-2021-4392

CVE-2021-4392 affects the WordPress plugin “eCommerce Product Catalog” (versions up to and including 2.9.43). Root cause: missing or incorrect nonce validation in the implecode_save_products_meta() function, enabling CSRF. Impact: unauthenticated attackers can save product meta data by tricking a...

CVSS 4.3, AI score 4.2, EPSS 0.00138
CVE
added 2023/12/04 9:27 p.m., 46 views

CVE-2023-5979

CVE-2023-5979 affects the WordPress plugin eCommerce Product Catalog (versions before 3.3.26). The root cause is missing CSRF checks in some admin pages, which could let an attacker cause logged-in users to perform unwanted actions, such as deleting all products. Impact is stated as CSRF-enabled ...

CVSS 6.5, AI score 6.5, EPSS 0.00129
Web
CVE
added 2023/03/17 1:13 p.m., 43 views

CVE-2023-1470

CVE-2023-1470 affects the WordPress plugin “eCommerce Product Catalog” up to version 3.3.8. The root cause is insufficient input sanitization and output escaping in certain settings parameters, enabling a stored cross-site scripting (XSS) attack. Exploitation requires authenticated access with ad...

CVSS 4.8, AI score 4.9, EPSS 0.00242