EIP-2026-114141
PRE-CVEWordPress Plugin Ultimate Product Catalogue - SQL Injection (2)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114141. PoCs published by Felipe Molina.
AI-analyzed exploit summary This is a writeup describing an unauthenticated SQL injection vulnerability in the Ultimate Product Catalogue WordPress plugin (versions < 3.1.2). The vulnerability is in the 'SingleProduct' parameter and was fixed in version 3.1.3.
Description
WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)
Exploits (1)
exploitdb
WRITEUP
by Felipe Molina · textwebappsphp
https://www.exploit-db.com/exploits/36824
This is a writeup describing an unauthenticated SQL injection vulnerability in the Ultimate Product Catalogue WordPress plugin (versions < 3.1.2). The vulnerability is in the 'SingleProduct' parameter and was fixed in version 3.1.3.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Ultimate Product Catalogue WordPress plugin < 3.1.2
No auth needed
Prerequisites:
WordPress site with vulnerable plugin version installed
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026