VYPR

Ecommerce Product Catalog

by WordPress

Source repositories

CVEs (9)

  • CVE-2026-52693CriJun 15, 2026
    risk 0.60cvss 9.3epss 0.00

    Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.

  • CVE-2024-12771HigDec 21, 2024
    risk 0.50cvss 8.8epss 0.00

    The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it…

  • CVE-2025-49331HigJun 17, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through <= 3.4.3.

  • CVE-2024-32558HigApr 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog allows Reflected XSS.This issue affects eCommerce Product Catalog: from n/a through 3.3.32.

  • CVE-2023-5979MedDec 4, 2023
    risk 0.42cvss 6.5epss 0.00

    The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products

  • CVE-2021-24875MedNov 23, 2021
    risk 0.40cvss 6.1epss 0.02

    The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue

  • CVE-2023-51688MedDec 29, 2023
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26.

  • CVE-2024-32437MedApr 15, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce Product Catalog.This issue affects eCommerce Product Catalog: from n/a through 3.3.28.

  • CVE-2023-1470MedMar 17, 2023
    risk 0.22cvss 4.4epss 0.00

    The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…