Etoilewebdesign Ultimate Product Catalog — known CVE vulnerabilities
Every CVE whose affected-product data names Etoilewebdesign Ultimate Product Catalog, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2017-12199 — CVSS 9.8 (critical): The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions…
CVE-2021-24993 — CVSS 6.5 (medium): The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could…
CVE-2017-12200 — CVSS 6.1 (medium): The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.
CVE-2023-2711 — CVSS 4.8 (medium): The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high…