eCommerce Product Catalog Plugin for WordPress

Vulnerabilities 31Slug ecommerce-product-catalogLatest version 3.5.3WordPress.org →

Minimum safe version

3.4.4

Update to 3.4.4 or later to address 31 fixable vulnerabilities

Latest available3.5.3 ✓

High 7.2

2025-06-22< 3.4.4

eCommerce Product Catalog <= 3.4.3 - Authenticated (Orders manager+) PHP Object Injection

Wordfence CVE EUVD

High 8.8

2024-12-21< 3.3.44

CVE-2024-12771

CVE Wordfence Patchstack

High 7.1

2024-04-18< 3.3.33

CVE-2024-32558

CVE Wordfence Patchstack

Medium 4.3

2024-04-15< 3.3.29

CVE-2024-32437

CVE Wordfence Patchstack

Medium 5.3

2024-12-27< 3.3.27

WordPress eCommerce Product Catalog Plugin <= 3.3.26 is vulnerable to Sensitive Data Exposure

Patchstack CVE Wordfence WPScan

Medium 6.5

2023-12-04< 3.3.26

CVE-2023-5979

CVE WPScan

Medium 6.5

2023-11-22< 3.3.27

CVE-2023-47839

CVE Patchstack WPScan

N/A

2023-11-14< 3.3.26

WordPress eCommerce Product Catalog Plugin <= 3.3.25 is vulnerable to Cross Site Request Forgery (CSRF)

Patchstack

N/A

2023-11-14< 3.3.27

eCommerce Product Catalog for WordPress <= 3.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Wordfence

N/A

2023-11-13< 3.3.26

eCommerce Product Catalog for WordPress <= 3.3.25 - Cross-Site Request Forgery

Wordfence

N/A

< 3.0.71

eCommerce Product Catalog Plugin for WordPress < 3.0.71 - Reflected XSS

WPScan

N/A

< 3.0.72

eCommerce Product Catalog Plugin for WordPress < 3.0.72 - Reflected XSS via AJAX

WPScan

N/A

< 3.0.72

eCommerce Product Catalog Plugin for WordPress < 3.0.72 - Reflected XSS

WPScan

Medium 4.3

2023-07-01< 2.9.44

CVE-2021-4392

CVE Wordfence

Medium 4.3

2023-07-01< 3.0.18

CVE-2021-4393

CVE Wordfence WPScan

N/A

2023-06-07< 2.9.44

CVE-2021-4342

CVE

Medium 4.8

2023-03-20< 3.3.9

WordPress eCommerce Product Catalog Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence WPScan

Medium 5.9

2023-04-07< 3.3.5

CVE-2023-25049

CVE Patchstack Wordfence WPScan

N/A

< 3.0.18

eCommerce Product Catalog < 3.0.18 - CSRF Nonce Bypass

WPScan

N/A

< 2.9.44

Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass

Wordfence

N/A

2022-10-10< 3.0.71

eCommerce Product Catalog Plugin for WordPress <= 3.0.70 - Reflected Cross-Site Scripting

Wordfence

N/A

2022-10-11< 3.0.70

eCommerce Product Catalog Plugin for WordPress <= 3.0.69 - Reflected Cross-Site Scripting

Wordfence

N/A

2022-10-17< 3.0.72

eCommerce Product Catalog <= 3.0.71 - Reflected Cross-Site Scripting

Wordfence

N/A

2022-10-17< 3.0.72

eCommerce Product Catalog <= 3.0.71 - Reflected Cross-Site Scripting

Wordfence

N/A

2022-10-17< 3.0.72

WordPress eCommerce Product Catalog plugin <= 3.0.71 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2022-10-17< 3.0.72

WordPress eCommerce Product Catalog plugin <= 3.0.71 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2022-10-13< 3.0.71

WordPress eCommerce Product Catalog Plugin for WordPress plugin <= 3.0.70 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

< 2.9.44

Multiple Plugins/Themes - Cross-Site Request Forgery (CSRF)

WPScan

N/A

2020-09-16< 2.9.44

WordPress eCommerce Product Catalog plugin <= 2.9.43 - Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

N/A

2021-02-12< 3.0.18

WordPress eCommerce Product Catalog plugin <= 3.0.17 - Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

Medium 6.1

2021-11-23< 3.0.39

CVE-2021-24875

CVE Patchstack Wordfence WPScan