cleantalk
Vulnerabilities and Security Researches

Ultimate Product Catalog, CVE-2023-2711

CVE, Research URL

CVE-2023-2711

Home page URL

Security reports for Ultimate Product Catalog

Application

Ultimate Product Catalog

Published on
Jun 27, 2023
Research Description
The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
max 5.2.6.
Status
vulnerable
Previous vulnerability researches
Ultimate Product Catalog (CVE-2021-24993) , Jun 07, 2024
Ultimate Product Catalog (CVE-2023-2711) , Jun 07, 2024
Ultimate Product Catalog (CVE-2024-31921) , Jun 07, 2024
Ultimate Product Catalog (CVE-2021-47924) , May 12, 2026
Ultimate Product Catalog (CVE-2017-12200) , Jun 10, 2024
New vulnerability
Slider by Soliloquy – Responsive Image Slider for WordPress (CVE-2021-47922) , May 12, 2026
Ultimate Product Catalog (CVE-2021-47924) , May 12, 2026
Payment forms, Buy now buttons and Invoicing System | GetPaid (CVE-2021-47948) , May 12, 2026
Testimonial Slider (CVE-2022-50947) , May 12, 2026
Simple Cloudflare Turnstile – CAPTCHA Alternative (CVE-2026-40799) , May 12, 2026