Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total9
Critical0
High1
Medium8
Reset
Showing 1-9 of 9 records
Threat Entry Updated 2024-12-21

CVE-2024-12771 - Ecommerce Product Catalog Plugin

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for unauthenticated attackers to reset the password of any administrator or customer account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Ecommerce Product Catalog

CVE-2024-12771

HIGH CVSS 8.8 2024-12-21
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-51688 - Ecommerce Product Catalog Plugin

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26.

PLUGIN Ecommerce Product Catalog

CVE-2023-51688

MEDIUM CVSS 5.3 2023-12-29
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-5979 - Ecommerce Product Catalog Plugin

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products

PLUGIN Ecommerce Product Catalog

CVE-2023-5979

MEDIUM CVSS 6.5 2023-12-04
Open Full Technical Breakdown
Threat Entry Updated 2026-04-08

CVE-2021-4393 - Ecommerce Product Catalog Plugin

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save manual digital orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Ecommerce Product Catalog

CVE-2021-4393

MEDIUM CVSS 4.3 2023-07-01
Open Full Technical Breakdown
Threat Entry Updated 2026-04-08

CVE-2021-4392 - Ecommerce Product Catalog Plugin

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to save product meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Ecommerce Product Catalog

CVE-2021-4392

MEDIUM CVSS 4.3 2023-07-01
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-1470 - Ecommerce Product Catalog Plugin

The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Ecommerce Product Catalog

CVE-2023-1470

MEDIUM CVSS 4.4 2023-03-17
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24875 - Ecommerce Product Catalog Plugin

The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue

PLUGIN Ecommerce Product Catalog

CVE-2021-24875

MEDIUM CVSS 6.1 2021-11-23
Open Full Technical Breakdown
Scroll to top