Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Ultimate Product Catalog by Etoilewebdesign
CVE-2016-20075 (GCVE-0-2016-20075)
Vulnerability from nvd – Published: 2026-06-15 12:00 – Updated: 2026-06-15 19:24
VLAI
EPSS
VEX
Title
WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE
Summary
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40012 | exploit |
| http://www.EtoileWebDesign.com/ | product |
| https://www.vulncheck.com/advisories/wordpress-ul… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Etoilewebdesign | Ultimate Product Catalog |
Affected:
3.8.6
|
Date Public
2016-06-23 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20075",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T15:32:17.609595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T19:24:34.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ultimate Product Catalog",
"vendor": "Etoilewebdesign",
"versions": [
{
"status": "affected",
"version": "3.8.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joaquin Ramirez Martinez [ i0akiN SEC-LABORATORY ]"
}
],
"datePublic": "2016-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T12:00:43.707Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40012",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40012"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.EtoileWebDesign.com/"
},
{
"name": "VulnCheck Advisory: WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wordpress-ultimate-product-catalog-arbitrary-file-upload-rce"
}
],
"title": "WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20075",
"datePublished": "2026-06-15T12:00:43.707Z",
"dateReserved": "2026-06-15T11:43:07.416Z",
"dateUpdated": "2026-06-15T19:24:34.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47924 (GCVE-0-2021-47924)
Vulnerability from nvd – Published: 2026-05-10 12:43 – Updated: 2026-05-28 14:41
VLAI
EPSS
VEX
Title
WordPress Plugin Ultimate Product Catalogue 5.8.2 Stored XSS via price
Summary
Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary code when the product is viewed.
Severity
6.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50534 | exploit |
| https://www.etoilewebdesign.com | product |
| https://wordpress.org/plugins/ultimate-product-ca… | product |
| https://www.vulncheck.com/advisories/wordpress-pl… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Etoilewebdesign | Ultimate Product Catalogue |
Affected:
5.8.2
(semver)
|
Date Public
2021-11-18 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47924",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T02:37:22.138280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T02:37:36.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Product Catalogue",
"vendor": "Etoilewebdesign",
"versions": [
{
"status": "affected",
"version": "5.8.2",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:etoilewebdesign:ultimate_product_catalog:5.8.2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Murat DEMIRCI (@murat0x7)"
}
],
"datePublic": "2021-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary code when the product is viewed."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:41:08.339Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50534",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50534"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.etoilewebdesign.com"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://wordpress.org/plugins/ultimate-product-catalogue/"
},
{
"name": "VulnCheck Advisory: WordPress Plugin Ultimate Product Catalog 5.8.2 Stored XSS via price",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wordpress-plugin-ultimate-product-catalog-stored-xss-via-price"
}
],
"title": "WordPress Plugin Ultimate Product Catalogue 5.8.2 Stored XSS via price",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47924",
"datePublished": "2026-05-10T12:43:46.712Z",
"dateReserved": "2026-02-01T11:24:18.715Z",
"dateUpdated": "2026-05-28T14:41:08.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-20075 (GCVE-0-2016-20075)
Vulnerability from cvelistv5 – Published: 2026-06-15 12:00 – Updated: 2026-06-15 19:24
VLAI
EPSS
VEX
Title
WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE
Summary
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40012 | exploit |
| http://www.EtoileWebDesign.com/ | product |
| https://www.vulncheck.com/advisories/wordpress-ul… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Etoilewebdesign | Ultimate Product Catalog |
Affected:
3.8.6
|
Date Public
2016-06-23 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20075",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T15:32:17.609595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T19:24:34.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ultimate Product Catalog",
"vendor": "Etoilewebdesign",
"versions": [
{
"status": "affected",
"version": "3.8.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joaquin Ramirez Martinez [ i0akiN SEC-LABORATORY ]"
}
],
"datePublic": "2016-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T12:00:43.707Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-40012",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40012"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.EtoileWebDesign.com/"
},
{
"name": "VulnCheck Advisory: WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wordpress-ultimate-product-catalog-arbitrary-file-upload-rce"
}
],
"title": "WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20075",
"datePublished": "2026-06-15T12:00:43.707Z",
"dateReserved": "2026-06-15T11:43:07.416Z",
"dateUpdated": "2026-06-15T19:24:34.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47924 (GCVE-0-2021-47924)
Vulnerability from cvelistv5 – Published: 2026-05-10 12:43 – Updated: 2026-05-28 14:41
VLAI
EPSS
VEX
Title
WordPress Plugin Ultimate Product Catalogue 5.8.2 Stored XSS via price
Summary
Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary code when the product is viewed.
Severity
6.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50534 | exploit |
| https://www.etoilewebdesign.com | product |
| https://wordpress.org/plugins/ultimate-product-ca… | product |
| https://www.vulncheck.com/advisories/wordpress-pl… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Etoilewebdesign | Ultimate Product Catalogue |
Affected:
5.8.2
(semver)
|
Date Public
2021-11-18 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47924",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T02:37:22.138280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T02:37:36.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Product Catalogue",
"vendor": "Etoilewebdesign",
"versions": [
{
"status": "affected",
"version": "5.8.2",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:etoilewebdesign:ultimate_product_catalog:5.8.2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Murat DEMIRCI (@murat0x7)"
}
],
"datePublic": "2021-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary code when the product is viewed."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:41:08.339Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50534",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50534"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.etoilewebdesign.com"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://wordpress.org/plugins/ultimate-product-catalogue/"
},
{
"name": "VulnCheck Advisory: WordPress Plugin Ultimate Product Catalog 5.8.2 Stored XSS via price",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wordpress-plugin-ultimate-product-catalog-stored-xss-via-price"
}
],
"title": "WordPress Plugin Ultimate Product Catalogue 5.8.2 Stored XSS via price",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47924",
"datePublished": "2026-05-10T12:43:46.712Z",
"dateReserved": "2026-02-01T11:24:18.715Z",
"dateUpdated": "2026-05-28T14:41:08.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}