cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for ecommerce-product-catalog

Jun 07, 2024

eCommerce Product Catalog Plugin for WordPress # CVE-2023-25049

CVE, Research URL

CVE-2023-25049

Date
Apr 07, 2023
Research Description
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the impleCode eCommerce Product Catalog Plugin for WordPress, versions <= 3.3.4.
Affected versions
Min -, max -.
Status
vulnerable

eCommerce Product Catalog Plugin for WordPress # CVE-2023-1470

CVE, Research URL

CVE-2023-1470

Date
Mar 17, 2023
Research Description
The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max -.
Status
vulnerable

eCommerce Product Catalog Plugin for WordPress # CVE-2021-24875

CVE, Research URL

CVE-2021-24875

Date
Nov 24, 2021
Research Description
The eCommerce Product Catalog Plugin for WordPress before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue.
Affected versions
Min -, max -.
Status
vulnerable

eCommerce Product Catalog Plugin for WordPress # CVE-2024-32558

CVE, Research URL

CVE-2024-32558

Date
Apr 18, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog allows Reflected XSS. This issue affects eCommerce Product Catalog: from n/a through 3.3.32.
Affected versions
Min -, max -.
Status
vulnerable

eCommerce Product Catalog Plugin for WordPress # CVE-2021-4342

CVE, Research URL

-

Date
Jun 07, 2023
Research Description
Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions
Min -, max -.
Status
vulnerable

eCommerce Product Catalog Plugin for WordPress # CVE-2021-4392

CVE, Research URL

CVE-2021-4392

Date
Jul 01, 2023
Research Description
The eCommerce Product Catalog Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to save product meta data via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

eCommerce Product Catalog Plugin for WordPress # CVE-2023-51688

CVE, Research URL

CVE-2023-51688

Date
Dec 29, 2023
Research Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26.
Affected versions
Min -, max -.
Status
vulnerable

eCommerce Product Catalog Plugin for WordPress # CVE-2024-32437

CVE, Research URL

CVE-2024-32437

Date
Apr 15, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce Product Catalog. This issue affects eCommerce Product Catalog: from n/a through 3.3.28.
Affected versions
Min -, max -.
Status
vulnerable

eCommerce Product Catalog Plugin for WordPress # CVE-2021-4393

CVE, Research URL

CVE-2021-4393

Date
Jul 01, 2023
Research Description
The eCommerce Product Catalog Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save manual digital orders via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

eCommerce Product Catalog Plugin for WordPress # CVE-2023-47839

CVE, Research URL

CVE-2023-47839

Date
Nov 23, 2023
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the impleCode eCommerce Product Catalog Plugin for WordPress, versions <= 3.3.26.
Affected versions
Min -, max -.
Status
vulnerable

eCommerce Product Catalog Plugin for WordPress # CVE-2023-5979

CVE, Research URL

CVE-2023-5979

Date
Dec 05, 2023
Research Description
The eCommerce Product Catalog Plugin for WordPress before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as deleting all products.
Affected versions
Min -, max -.
Status
vulnerable
Dec 22, 2024

eCommerce Product Catalog Plugin for WordPress # CVE-2024-12771

CVE, Research URL

CVE-2024-12771

Date
Dec 21, 2024
Research Description
The eCommerce Product Catalog Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for unauthenticated attackers to reset the password of any administrator or customer account via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable
Jun 20, 2025

eCommerce Product Catalog Plugin for WordPress # CVE-2025-49331

CVE, Research URL

CVE-2025-49331

Date
Jun 17, 2025
Research Description
Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog allows Object Injection. This issue affects eCommerce Product Catalog: from n/a through 3.4.3.
Affected versions
Min -, max -.
Status
vulnerable