VYPR
Unrated severityNVD Advisory· Published Feb 7, 2022· Updated Aug 3, 2024

Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update

CVE-2021-24993

Description

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.