WordPress Plugin Vulnerabilities

Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection

Description

Unauthenticated SQL injection in ajax call when the plugin is counting the times a product is being seen by the web visitors. The vulnerable POST parameter is "Item_ID".

Vulnerable code:

In file Functions/Process_Ajax.php line 67:

[...]
$Item_ID = $_POST['Item_ID'];
$Item = $wpdb->get_row("SELECT Item_Views FROM $items_table_name WHERE Item_ID=". $Item_ID);
[...]

Proof of Concept

Affects Plugins

Plugin icon
ultimate-product-catalogue
Fixed in 3.1.3

References

Exploitdb
36823

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
Felipe Molina
Submitter twitter
felmoltor
Verified
No
WPVDB ID
1e3e9939-9948-4184-98cf-7a76b5ee7da9

Timeline

Publicly Published
2015-04-23 (about 11 years ago)
Added
2015-04-27 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2026-05-13
Title
Unlimited Elements For Elementor < 2.0.8 - Authenticated (Contributor+) SQL Injection via 'filter_search' Parameter
Published
2025-12-12
Title
افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce <= 1.3.5 - Unauthenticated Time-Based Blind SQL Injection
Published
2025-09-22
Title
Perfect Brands for WooCommerce < 3.6.3 - Authenticated (Contributor+) SQL Injection
Published
2021-11-15
Title
Mediamatic < 2.8.1 - Subscriber+ SQL Injection
Published
2023-10-03
Title
Advanced Page Visit Counter < 8.0.1 - Contributor+ SQLi