The Ultimate Product Catalog plugin for WordPress is not secure in versions up to 2.1. Attackers with access to administrator-level permissions or higher can use the Catalogue_ID, SubCategory_ID, SingleProduct, and Tag_ID parameters to add extra SQL queries to the existing ones. These extra queries can be used to access and take sensitive information from the database.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
