cleantalk
Vulnerabilities and Security Researches

Ultimate Product Catalog, 6e082389592af4f8526d806b5537ae30893080af

CVE, Research URL

6e082389592af4f8526d806b5537ae30893080af

Home page URL

Security reports for Ultimate Product Catalog

Application

Ultimate Product Catalog

Published on
May 28, 2014
Research Description
Ultimate Product Catalog [ultimate-product-catalogue] < 2.1.1 Ultimate Product Catalog < 2.1.1 - Authenticated (Admin+) SQL Injection The Ultimate Product Catalog plugin for WordPress is vulnerable to generic SQL Injection via the Catalogue_ID, SubCategory_ID, SingleProduct, & Tag_ID parameters in versions up to, and including, 2.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 2.1.1.
Status
vulnerable
Previous vulnerability researches
Advance WP Query Search Filter (CVE-2025-26743) , Apr 15, 2025
Advance WP Query Search Filter (CVE-2025-14313) , Jan 10, 2026
Advance WP Query Search Filter (CVE-2025-14312) , Jan 10, 2026
New vulnerability
Community Lite Video Chat (ba5004a0eabc32b9470115e736d8f49c11d78fee) , Jun 16, 2026
Community Lite Video Chat (fce99c82-3958-4c17-88d3-6e8fa1a11e59) , Jun 16, 2026
Advanced AJAX Product Filters (c5efdac5-06ac-4baa-8c2f-0dd7e6dc1050) , Jun 16, 2026
Advanced AJAX Product Filters (3a563c81d8f23d7675a01ee42f43d5a7e24b7918) , Jun 16, 2026
Advanced AJAX Product Filters (212b7bd37d1d6fe9fb4123bc201baf84cd4ef4c2) , Jun 16, 2026