cleantalk
Vulnerabilities and Security Researches

Ultimate Product Catalog, CVE-2021-47924

CVE, Research URL

CVE-2021-47924

Home page URL

Security reports for Ultimate Product Catalog

Application

Ultimate Product Catalog

Published on
May 10, 2026
Research Description
Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary code when the product is viewed.
Affected versions
max 5.8.2.
Status
vulnerable
Previous vulnerability researches
Booster for WooCommerce (CVE-2024-13342) , Sep 01, 2025
Booster for WooCommerce (CVE-2024-13708) , Apr 05, 2025
Booster for WooCommerce (CVE-2024-13744) , Apr 05, 2025
Booster for WooCommerce (CVE-2022-3763) , Jun 07, 2024
Booster for WooCommerce (CVE-2021-34646) , Jun 07, 2024
New vulnerability
Ultimate Product Catalog (CVE-2021-47924) , May 12, 2026
Payment forms, Buy now buttons and Invoicing System | GetPaid (CVE-2021-47948) , May 12, 2026
Testimonial Slider (CVE-2022-50947) , May 12, 2026
Simple Cloudflare Turnstile – CAPTCHA Alternative (CVE-2026-40799) , May 12, 2026
IP2Location Country Blocker (CVE-2022-50961) , May 12, 2026