Ultimate Product Catalog
Monthly
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.