Implecode

Ecommerce Product Catalog

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2026-52693

  • EPSS 0.29%
  • Veröffentlicht 15.06.2026 20:19:30
  • Zuletzt bearbeitet 15.06.2026 21:24:32

Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.

7.2

CVE-2025-49331

  • EPSS 0.44%
  • Veröffentlicht 17.06.2025 15:01:22
  • Zuletzt bearbeitet 23.04.2026 15:31:28

Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through <= 3.4.3.

7.1

CVE-2024-32558

  • EPSS 0.37%
  • Veröffentlicht 18.04.2024 10:15:09
  • Zuletzt bearbeitet 28.04.2026 19:24:46

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog allows Reflected XSS.This issue affects eCommerce Product Catalog: from n/a through 3.3.32.

4.3

CVE-2024-32437

  • EPSS 0.21%
  • Veröffentlicht 15.04.2024 09:15:12
  • Zuletzt bearbeitet 28.04.2026 19:24:38

Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce Product Catalog.This issue affects eCommerce Product Catalog: from n/a through 3.3.28.

7.5

CVE-2023-51688

  • EPSS 0.48%
  • Veröffentlicht 29.12.2023 15:15:10
  • Zuletzt bearbeitet 28.04.2026 19:22:55

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26.

6.5

CVE-2023-5979

  • EPSS 0.28%
  • Veröffentlicht 04.12.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 08:42:54

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products

5.4

CVE-2023-47839

  • EPSS 0.41%
  • Veröffentlicht 23.11.2023 00:15:09
  • Zuletzt bearbeitet 21.11.2024 08:30:53

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions.

4.3

CVE-2021-4392

Exploit
  • EPSS 0.4%
  • Veröffentlicht 01.07.2023 05:15:15
  • Zuletzt bearbeitet 08.04.2026 17:16:41

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() f...

4.3

CVE-2021-4393

Exploit
  • EPSS 0.4%
  • Veröffentlicht 01.07.2023 05:15:15
  • Zuletzt bearbeitet 08.04.2026 17:16:41

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it p...

4.8

CVE-2023-25049

  • EPSS 0.39%
  • Veröffentlicht 07.04.2023 12:15:07
  • Zuletzt bearbeitet 21.11.2024 07:49:00

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions.