Product Catalog Simple

Vulnerabilities 14Slug post-type-xLatest version 1.8.6WordPress.org →

Minimum safe version

1.8.5

Update to 1.8.5 or later to address 14 fixable vulnerabilities

Latest available1.8.6 ✓

Medium 6.5

2025-09-22< 1.8.3

Product Catalog Simple <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Wordfence EUVD CVE

Medium 4.3

2025-10-22< 1.8.5

CVE-2025-62061

CVE Wordfence

Medium 6.5

2025-06-06< 1.8.2

CVE-2025-49305

CVE EUVD Wordfence

Medium 6.4

2025-02-28< 1.8.0

WordPress Product Catalog Simple Plugin <= 1.7.11 is vulnerable to Cross Site Scripting (XSS)

EUVD Patchstack Wordfence CVE

N/A

< 1.7.6

Product Catalog Simple < 1.7.6 - Cross-Site Request Forgery via ic_system_status

WPScan

Medium 5.3

2024-12-27< 1.7.7

WordPress Product Catalog Simple Plugin <= 1.7.6 is vulnerable to Sensitive Data Exposure

Patchstack CVE Wordfence WPScan

N/A

2023-11-09< 1.7.6

WordPress Product Catalog Simple Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Patchstack

N/A

2023-11-08< 1.7.6

Product Catalog Simple <= 1.7.5 - Cross-Site Request Forgery via ic_system_status

Wordfence

Medium 4.3

2023-07-01< 1.5.13

CVE-2020-36743

CVE Wordfence WPScan

N/A

2023-06-07< 1.5.13

CVE-2021-4342

CVE

High 7.1

2023-04-07< 1.7.0

CVE-2023-29388

CVE Patchstack Wordfence WPScan

N/A

< 1.5.13

Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass

Wordfence

N/A

< 1.5.13

Multiple Plugins/Themes - Cross-Site Request Forgery (CSRF)

WPScan

N/A

2020-09-16< 1.5.13

WordPress Product Catalog Simple plugin <= 1.5.12 - Cross-Site Request Forgery (CSRF) vulnerability

Patchstack