Ecommerce Product Catalog

Source repositories

https://plugins.svn.wordpress.org/ecommerce-product-catalog/

CVEs (5)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-12771	WordPress Ecommerce Product Catalog	Hig	0.57	8.8	Dec 21, 2024	The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for unauthenticated attackers to reset the password of any administrator or customer account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-49331	WordPress Ecommerce Product Catalog	Hig	0.47	7.2	Jun 17, 2025	Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through <= 3.4.3.
CVE-2024-32558	WordPress Ecommerce Product Catalog	Hig	0.46	7.1	Apr 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog allows Reflected XSS.This issue affects eCommerce Product Catalog: from n/a through 3.3.32.
CVE-2024-32437	WordPress Ecommerce Product Catalog	Med	0.28	4.3	Apr 15, 2024	Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce Product Catalog.This issue affects eCommerce Product Catalog: from n/a through 3.3.28.
CVE-2023-5979	WordPress Ecommerce Product Catalog		0.00	—	Dec 4, 2023	The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products

CVE-2024-12771HigDec 21, 2024
WordPress
Ecommerce Product Catalog
risk 0.57cvss 8.8epss 0.00
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for unauthenticated attackers to reset the password of any administrator or customer account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-49331HigJun 17, 2025
WordPress
Ecommerce Product Catalog
risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through <= 3.4.3.
CVE-2024-32558HigApr 18, 2024
WordPress
Ecommerce Product Catalog
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog allows Reflected XSS.This issue affects eCommerce Product Catalog: from n/a through 3.3.32.
CVE-2024-32437MedApr 15, 2024
WordPress
Ecommerce Product Catalog
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce Product Catalog.This issue affects eCommerce Product Catalog: from n/a through 3.3.28.
CVE-2023-5979Dec 4, 2023
WordPress
Ecommerce Product Catalog
risk 0.00cvss —epss 0.00
The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products