Ecommerce Product Catalog
by Implecode
Source repositories
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12771 | Hig | 0.50 | 8.8 | 0.00 | Dec 21, 2024 | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it… | ||
| CVE-2025-49331 | Hig | 0.47 | 7.2 | 0.00 | Jun 17, 2025 | Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through <= 3.4.3. | ||
| CVE-2023-47839 | Med | 0.42 | 6.5 | 0.00 | Nov 23, 2023 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions. | ||
| CVE-2023-25049 | Med | 0.38 | 5.9 | 0.00 | Apr 7, 2023 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions. | ||
| CVE-2023-51688 | Med | 0.34 | 5.3 | 0.00 | Dec 29, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26. | ||
| CVE-2021-4392 | Med | 0.28 | 4.3 | 0.00 | Jul 1, 2023 | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it… | ||
| CVE-2023-1470 | Med | 0.22 | 4.4 | 0.00 | Mar 17, 2023 | The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2021-4393 | Med | 0.21 | 4.3 | 0.00 | Jul 1, 2023 | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated… |
- risk 0.50cvss 8.8epss 0.00
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it…
- risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through <= 3.4.3.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions.
- risk 0.38cvss 5.9epss 0.00
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26.
- risk 0.28cvss 4.3epss 0.00
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it…
- risk 0.22cvss 4.4epss 0.00
The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.21cvss 4.3epss 0.00
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated…