WordPress Plugin Vulnerabilities

Ultimate Product Catalogue <= 3.9.8 - Unauthenticated Blind SQL Injection

Description

The Ultimate Product Catalog – WordPress Catalog Plugin WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
ultimate-product-catalogue
Fixed in 3.9.9

References

Exploitdb
40174

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
f7add1ba-ab1e-45dd-bbf4-f6c50d0e2cca

Timeline

Publicly Published
2016-07-29 (about 9 years ago)
Added
2016-07-29 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-02-17
Title
Tour Master - Tour Booking, Travel, Hotel < 5.3.8 - Authenticated (Subscriber+) SQL Injection via review_id Parameter
Published
2015-07-10
Title
CP Multi View Event Calendar <= 1.1.7 - Unauthenticated SQL Injection
Published
2023-04-19
Title
Shortcode IMDB <= 6.0.8 - Admin+ SQLi
Published
2024-08-28
Title
Front End Users < 3.2.29 - Authenticated (Contributor+) Time-Based SQL Injection
Published
2025-02-24
Title
Bravo Search & Replace <= 1.0 - Authenticated (Administrator+) SQL Injection