3 matches found
CVE-2025-1405
CVE-2025-1405 affects the WordPress plugin Product Catalog Simple (post-type-x). It is a stored XSS vulnerability via the plugin’s show_products shortcode in versions up to 1.7.11, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires an ...
CVE-2023-51687
CVE-2023-51687 affects Product Catalog Simple (Post Type-X) for WordPress, with Exposure of Sensitive Information to an Unauthorized Actor via product CSV for versions up to 1.7.6. Connected sources indicate the issue has been patched in a later release; upgrade to a version later than 1.7.6 to r...
CVE-2023-29388
CVE-2023-29388 affects WordPress plugin Product Catalog Simple (post-type-x) version