VYPR

Product Catalog Simple

by Implecode

CVEs (7)

  • CVE-2023-29388HigApr 7, 2023
    risk 0.46cvss 7.1epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions.

  • CVE-2025-58992MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple post-type-x allows Stored XSS.This issue affects Product Catalog Simple: from n/a through <= 1.8.2.

  • CVE-2025-49305MedJun 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple post-type-x allows Stored XSS.This issue affects Product Catalog Simple: from n/a through <= 1.8.1.

  • CVE-2023-51687MedDec 29, 2023
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple.This issue affects Product Catalog Simple: from n/a through 1.7.6.

  • CVE-2025-62061MedOct 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in impleCode Product Catalog Simple post-type-x.This issue affects Product Catalog Simple: from n/a through <= 1.8.4.

  • CVE-2020-36743MedJul 1, 2023
    risk 0.21cvss 4.3epss 0.00

    The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated…

  • CVE-2025-1405Feb 28, 2025
    risk 0.00cvss epss 0.00

    The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_products shortcode in all versions up to, and including, 1.7.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…