Vulnerabilities

CVE-2021-24993

by Fred · 07/02/2022

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin’s settings for example

Date published : 2022-02-07

https://plugins.trac.wordpress.org/changeset/2650578

https://wpscan.com/vulnerability/514416fa-d915-4953-bf1b-6dbf40b4d7e5

Similar

Tags: Cybersecurity Alert