cleantalk
Vulnerabilities and Security Researches

Ultimate Product Catalog, 1e3e9939-9948-4184-98cf-7a76b5ee7da9

CVE, Research URL

1e3e9939-9948-4184-98cf-7a76b5ee7da9

Home page URL

Security reports for Ultimate Product Catalog

Application

Ultimate Product Catalog

Published on
-
Research Description
Ultimate Product Catalog [ultimate-product-catalogue] < 3.1.3 Ultimate Product Catalogue &lt;= 3.1.2 - Unauthenticated SQL Injection Unauthenticated SQL injection in ajax call when the plugin is counting the times a product is being seen by the web visitors. The vulnerable POST parameter is &quot;Item_ID&quot;. Vulnerable code: In file Functions/Process_Ajax.php line 67: [...] $Item_ID = $_POST[&#039;Item_ID&#039;]; $Item = $wpdb-&gt;get_row(&quot;SELECT Item_Views FROM $items_table_name WHERE Item_ID=&quot;. $Item_ID); [...]
Affected versions
max 3.1.3.
Status
vulnerable
Previous vulnerability researches
GoDaddy Email Marketing (721acd71d13186ecf815419489d4f110132c0d3b) , Jun 16, 2026
GoDaddy Email Marketing (CVE-2016-10903) , Jun 07, 2024
GoDaddy Email Marketing (CVE-2023-49156) , Jun 10, 2024
New vulnerability
Community Lite Video Chat (ba5004a0eabc32b9470115e736d8f49c11d78fee) , Jun 16, 2026
Community Lite Video Chat (fce99c82-3958-4c17-88d3-6e8fa1a11e59) , Jun 16, 2026
Advanced AJAX Product Filters (c5efdac5-06ac-4baa-8c2f-0dd7e6dc1050) , Jun 16, 2026
Advanced AJAX Product Filters (3a563c81d8f23d7675a01ee42f43d5a7e24b7918) , Jun 16, 2026
Advanced AJAX Product Filters (212b7bd37d1d6fe9fb4123bc201baf84cd4ef4c2) , Jun 16, 2026