[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUDyiulowGzlLsJq72aiq9uTSA-CYdtg41ZFQNgoQymM":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-0f2e39b3-c18c-4660-b23d-00790156bc7f-ultimate-product-catalogue","ultimate-product-catalog-multiple-vulnerabilities","Ultimate Product Catalog \u003C 3.1.3 - Multiple Vulnerabilities","The Ultimate Product Catalog plugin for WordPress has multiple vulnerabilities in versions up to, and including, 3.1.2. This is due to a lack of sanitization of user input and insufficient checks on file types. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link, and for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.","ultimate-product-catalogue",null,"\u003C3.1.3","3.1.3","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2015-04-22 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0f2e39b3-c18c-4660-b23d-00790156bc7f?source=api-prod",3198]