CVE-2021-24875

MEDIUM NUCLEI

WordPress eCommerce Product Catalog <3.0.39 - XSS

Title source: llm

Description

The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue

Nuclei Templates (1)

WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting

MEDIUMVERIFIEDby r3Y3r53

References (1)

[Third Party Advisory] https://wpscan.com/vulnerability/652efc4a-f931-4668-ae74-a58b288a5715

Scores

CVSS v3 6.1

EPSS 0.2109

EPSS Percentile 95.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

implecode/ecommerce_product_catalog < 3.0.39

Published Nov 23, 2021

Tracked Since Feb 18, 2026