cleantalk
Vulnerabilities and Security Researches

Ultimate Product Catalog, 1e3e9939-9948-4184-98cf-7a76b5ee7da9

CVE, Research URL

1e3e9939-9948-4184-98cf-7a76b5ee7da9

Home page URL

Security reports for Ultimate Product Catalog

Application

Ultimate Product Catalog

Published on
-
Research Description
Ultimate Product Catalog [ultimate-product-catalogue] < 3.1.3 Ultimate Product Catalogue &lt;= 3.1.2 - Unauthenticated SQL Injection Unauthenticated SQL injection in ajax call when the plugin is counting the times a product is being seen by the web visitors. The vulnerable POST parameter is &quot;Item_ID&quot;. Vulnerable code: In file Functions/Process_Ajax.php line 67: [...] $Item_ID = $_POST[&#039;Item_ID&#039;]; $Item = $wpdb-&gt;get_row(&quot;SELECT Item_Views FROM $items_table_name WHERE Item_ID=&quot;. $Item_ID); [...]
Affected versions
max 3.1.3.
Status
vulnerable
Previous vulnerability researches
Axact Author List Widget (64c0451c94de7e0131133a488609353b793f2348) , Jun 07, 2024
Axact Author List Widget (CVE-2025-22514) , Jan 15, 2025
Axact Author List Widget (b36562836dd76568d374ac032aa3b6cad3c82287) , Jun 16, 2026
Axact Author List Widget (f2497798-90dd-4f93-b6ff-31e02f8ca6fc) , Jun 16, 2026
New vulnerability
Open Graph and Twitter Card Tags (d2a6c41972461397c4b4fbb3e37ca688b3cdcef4) , Jun 16, 2026
Open Graph and Twitter Card Tags (94d86780b701970829bbefba21941f3d698e59be) , Jun 16, 2026
Open Graph and Twitter Card Tags (891309bc-6353-4a91-bcfe-4864df258913) , Jun 16, 2026
WP SPID Italia (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
WP SPID Italia (8e47b49f82b0505ac2a6ff60c7eaa2e7bf6393e0) , Jun 16, 2026