Unrated severity · NVD Advisory · Published Feb 7, 2022 · Updated Aug 3, 2024
Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update
CVE-2021-24993
Description
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated user, such as a subscriber, to call them and, for example, add arbitrary products or change the plugin's settings.
Affected products
- (no CPE)
- (no CPE), range: <5.0.26
References
- plugins.trac.wordpress.org/changeset/2650578 (mitre, x_refsource_CONFIRM)
- wpscan.com/vulnerability/514416fa-d915-4953-bf1b-6dbf40b4d7e5 (mitre, x_refsource_MISC)