cleantalk
Vulnerabilities and Security Researches

Ultimate Product Catalog, 6e082389592af4f8526d806b5537ae30893080af

CVE, Research URL

6e082389592af4f8526d806b5537ae30893080af

Home page URL

Security reports for Ultimate Product Catalog

Application

Ultimate Product Catalog

Published on
May 28, 2014
Research Description
Ultimate Product Catalog [ultimate-product-catalogue] < 2.1.1 Ultimate Product Catalog < 2.1.1 - Authenticated (Admin+) SQL Injection The Ultimate Product Catalog plugin for WordPress is vulnerable to generic SQL Injection via the Catalogue_ID, SubCategory_ID, SingleProduct, & Tag_ID parameters in versions up to, and including, 2.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 2.1.1.
Status
vulnerable
Previous vulnerability researches
GoDaddy Email Marketing (721acd71d13186ecf815419489d4f110132c0d3b) , Jun 16, 2026
GoDaddy Email Marketing (CVE-2016-10903) , Jun 07, 2024
GoDaddy Email Marketing (CVE-2023-49156) , Jun 10, 2024
New vulnerability
Advanced AJAX Product Filters (212b7bd37d1d6fe9fb4123bc201baf84cd4ef4c2) , Jun 16, 2026
WP Hide &amp; Security Enhancer (851bbb017a404d05a340abe049ca2259f4034f35) , Jun 16, 2026
WP Hide &amp; Security Enhancer (e2c0ed4e-653b-4fe6-bedc-e00d6b127e57) , Jun 16, 2026
WP Crowdfunding (79b4071f-8696-400e-aa0b-8e20eddf68bc) , Jun 16, 2026
WP Crowdfunding (3939be2aa6ea7622bafa361ab2eb698af0517408) , Jun 16, 2026