Ultimate Product Catalog

Vulnerabilities 26Slug ultimate-product-catalogueLatest version 5.3.14WordPress.org →

Minimum safe version

5.2.16

Update to 5.2.16 or later to address 25 fixable vulnerabilities

Latest available5.3.14 ✓⚠ 1 vulnerability has no fix

Medium 6.4 Unfixed

2026-05-10≤ 5.8.2

CVE-2021-47924

CVE EUVD

Medium 4.3

2024-04-15< 5.2.16

CVE-2024-31921

CVE Wordfence Patchstack

Medium 4.8

2023-06-27< 5.2.6

CVE-2023-2711

CVE Patchstack Wordfence WPScan

N/A

2014-05-28< 2.1.1

Ultimate Product Catalog < 2.1.1 - Authenticated (Admin+) SQL Injection

Wordfence

N/A

2015-04-22< 4.2.22

Ultimate Product Catalog < 4.2.22 - Arbitrary File Upload

Wordfence

N/A

2015-04-22< 3.1.3

Ultimate Product Catalog < 3.1.3 - Multiple Vulnerabilities

Wordfence

N/A

2015-06-07< 3.1.3

Ultimate Product Catalogue < 3.1.3 - SQL Injection

Wordfence

N/A

2016-06-17< 3.8.2

Ultimate Product Catalog <= 3.8.1 - Missing Authorization to Plugin Settings Update

Wordfence

N/A

2017-06-27< 4.2.3

Ultimate Product Catalog < 4.2.3 - Authenticated SQL Injection

Wordfence

N/A

2017-10-03< 4.2.22

Ultimate Product Catalog <= 4.2.21 - Authorization Bypass and Cross-Site Request Forgery

Wordfence

N/A

< 3.1.2

Ultimate Product Catalogue <= 3.1.1 - Unauthenticated File Upload

WPScan

N/A

< 3.1.3

Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection

WPScan

N/A

< 3.1.3

Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection

WPScan

N/A

< 3.1.5

Ultimate Product Catalogue <= 3.1.4 - Multiple Vulnerabilities

WPScan

N/A

< 3.9.9

Ultimate Product Catalogue <= 3.9.8 - Unauthenticated Blind SQL Injection

WPScan

N/A

< 4.2.3

Ultimate Product Catalogue <= 4.2.2 - Authenticated SQL Injection

WPScan

N/A

2015-05-04< 3.1.3

WordPress Ultimate Product Catalogue plugin 3.1.2 - Multiple Vulnerabilities

Patchstack

N/A

2015-04-23< 3.1.3

WordPress Ultimate Product Catalogue plugin <=3.1.2 - Unauthenticated SQL Injection vulnerability

Patchstack

N/A

2015-04-22< 3.1.2

WordPress Ultimate Product Catalogue Plugin <= 3.1.1 - Unauthenticated File Upload

Patchstack

N/A

2016-06-20< 3.8.2

WordPress Ultimate Product Catalog Plugin 3.8.1 - Privilege Escalation

Patchstack

N/A

2016-06-27< 3.8.7

WordPress Ultimate Product Catalog Plugin 3.8.6 - Arbitrary File Upload

Patchstack

N/A

2016-06-29< 3.4

WordPress Ultimate Membership Pro Plugin 3.3 - SQL Injection

Patchstack

N/A

2016-07-29< 3.9.9

WordPress Ultimate Product Catalog Plugin <=3.9.8 - SQL Injection

Patchstack

N/A

2017-06-27< 4.2.3

WordPress Ultimate Product Catalogue plugin 4.2.2 - SQL Injection vulnerability

Patchstack

N/A

2017-10-30< 4.2.26

WordPress Ultimate Product Catalog plugin <= 4.2.24 - PHP Object Injection

Patchstack

Medium 6.5

2022-02-07< 5.0.26

CVE-2021-24993

CVE Patchstack Wordfence WPScan