CVE-2023-51688
CVE-2023-51688 affects the eCommerce Product Catalog Plugin for WordPress by impleCode. The vulnerability is described as Exposure of Sensitive Information to an Unauthorized Actor, specifically via CSV file exposure for versions up to 3.3.26. Wordfence indicates the issue is real and has a patch...
CVE-2021-24875
The CVE-2021-24875 entry concerns the WordPress plugin “eCommerce Product Catalog” prior to version 3.0.39. The ic-settings-search parameter is not escaped when echoed into an HTML attribute, causing a Reflected Cross-Site Scripting (XSS) vulnerability...
CVE-2021-4393
The CVE-2021-4393 entry concerns the eCommerce Product Catalog Plugin for WordPress, where a Cross-Site Request Forgery flaw stems from missing/incorrect nonce validation in the plugin’s save() function. Affected are versions up to 3.0.17. This allows unauthenticated attackers to forge requests t...
CVE-2023-5979
CVE-2023-5979 affects the WordPress plugin eCommerce Product Catalog (versions before 3.3.26). The root cause is missing CSRF checks in some admin pages, which could let an attacker cause logged-in users to perform unwanted actions, such as deleting all products. Impact is stated as CSRF-enabled ...
CVE-2023-1470
CVE-2023-1470 affects the WordPress plugin “eCommerce Product Catalog” up to version 3.3.8. The root cause is insufficient input sanitization and output escaping in certain settings parameters, enabling a stored cross-site scripting (XSS) attack. Exploitation requires authenticated access with ad...