Implecode

Ecommerce Product Catalog

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-49331

  • EPSS 0.15%
  • Veröffentlicht 17.06.2025 15:01:22
  • Zuletzt bearbeitet 17.06.2025 20:50:23

Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog allows Object Injection. This issue affects eCommerce Product Catalog: from n/a through 3.4.3.

7.1

CVE-2024-32558

  • EPSS 0.24%
  • Veröffentlicht 18.04.2024 10:15:09
  • Zuletzt bearbeitet 21.11.2024 09:15:10

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog allows Reflected XSS.This issue affects eCommerce Product Catalog: from n/a through 3.3.32.

4.3

CVE-2024-32437

  • EPSS 0.16%
  • Veröffentlicht 15.04.2024 09:15:12
  • Zuletzt bearbeitet 21.11.2024 09:14:54

Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce Product Catalog.This issue affects eCommerce Product Catalog: from n/a through 3.3.28.

7.5

CVE-2023-51688

  • EPSS 0.69%
  • Veröffentlicht 29.12.2023 15:15:10
  • Zuletzt bearbeitet 21.11.2024 08:38:36

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26.

6.5

CVE-2023-5979

  • EPSS 0.13%
  • Veröffentlicht 04.12.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 08:42:54

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products

5.4

CVE-2023-47839

  • EPSS 0.17%
  • Veröffentlicht 23.11.2023 00:15:09
  • Zuletzt bearbeitet 21.11.2024 08:30:53

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions.

4.3

CVE-2021-4392

Exploit
  • EPSS 0.09%
  • Veröffentlicht 01.07.2023 05:15:15
  • Zuletzt bearbeitet 21.11.2024 06:37:35

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() f...

4.3

CVE-2021-4393

Exploit
  • EPSS 0.09%
  • Veröffentlicht 01.07.2023 05:15:15
  • Zuletzt bearbeitet 21.11.2024 06:37:35

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it p...

4.8

CVE-2023-25049

  • EPSS 0.09%
  • Veröffentlicht 07.04.2023 12:15:07
  • Zuletzt bearbeitet 21.11.2024 07:49:00

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions.

4.8

CVE-2023-1470

  • EPSS 0.12%
  • Veröffentlicht 17.03.2023 14:15:12
  • Zuletzt bearbeitet 21.11.2024 07:39:15

The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it poss...