cleantalk
Vulnerabilities and Security Researches

Ultimate Product Catalog, CVE-2021-24993

CVE, Research URL

CVE-2021-24993

Home page URL

Security reports for Ultimate Product Catalog

Application

Ultimate Product Catalog

Published on
Feb 07, 2022
Research Description
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example
Affected versions
max 2.1.1.
Status
vulnerable
Previous vulnerability researches
Ultimate Product Catalog (CVE-2021-24993) , Jun 07, 2024
Ultimate Product Catalog (CVE-2023-2711) , Jun 07, 2024
Ultimate Product Catalog (CVE-2024-31921) , Jun 07, 2024
Ultimate Product Catalog (CVE-2021-47924) , May 12, 2026
Ultimate Product Catalog (CVE-2017-12200) , Jun 10, 2024
New vulnerability
Slider by Soliloquy – Responsive Image Slider for WordPress (CVE-2021-47922) , May 12, 2026
Ultimate Product Catalog (CVE-2021-47924) , May 12, 2026
Payment forms, Buy now buttons and Invoicing System | GetPaid (CVE-2021-47948) , May 12, 2026
Testimonial Slider (CVE-2022-50947) , May 12, 2026
Simple Cloudflare Turnstile – CAPTCHA Alternative (CVE-2026-40799) , May 12, 2026