Vulnerabilities and security researches forpost-type-x post-type-x

Jun 06, 2024

CVE, Research URL: CVE-2023-51687
Home page URL: Security reports for Product Catalog Simple
Application: Product Catalog Simple
Date: Dec 29, 2023
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple.This issue affects Product Catalog Simple: from n/a through 1.7.6.
Affected versions: max 1.7.6.
Status: vulnerable

CVE, Research URL: CVE-2023-29388
Home page URL: Security reports for Product Catalog Simple
Application: Product Catalog Simple
Date: Apr 07, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions.
Affected versions: max 1.7.0.
Status: vulnerable

CVE, Research URL: bb7535a108622ca2362f0fa38cfa9b56761b9861
Home page URL: Security reports for Product Catalog Simple
Application: Product Catalog Simple
Date: Sep 16, 2020
Research Description: Product Catalog Simple [post-type-x] < 1.5.13 (closed) WordPress Product Catalog Simple plugin <= 1.5.12 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Product Catalog Simple plugin (versions <= 1.5.12).
Affected versions: max 1.5.13.
Status: vulnerable

CVE, Research URL: CVE-2020-36743
Home page URL: Security reports for Product Catalog Simple
Application: Product Catalog Simple
Date: Jul 01, 2023
Research Description: The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.7.6.
Status: vulnerable

CVE, Research URL: -
Home page URL: Security reports for Product Catalog Simple
Application: Product Catalog Simple
Date: Jun 07, 2023
Research Description: Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions: max 1.5.13.
Status: vulnerable

Mar 01, 2025

CVE, Research URL: CVE-2025-1405
Home page URL: Security reports for Product Catalog Simple
Application: Product Catalog Simple
Date: Feb 28, 2025
Research Description: The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_products shortcode in all versions up to, and including, 1.7.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.8.0.
Status: vulnerable

Nov 10, 2025

CVE, Research URL: CVE-2025-62061
Home page URL: Security reports for Product Catalog Simple
Application: Product Catalog Simple
Date: Oct 22, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in impleCode Product Catalog Simple post-type-x.This issue affects Product Catalog Simple: from n/a through <= 1.8.4.
Affected versions: max 1.8.4.
Status: vulnerable