Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

impleCode — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting impleCode. AI-powered Chinese analysis, POCs, and references for each vulnerability.

implecode develops WordPress plugins for e-commerce and content management, with 18 CVEs recorded. Historically, vulnerabilities include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls. Notable characteristics include frequent use of deprecated functions and inconsistent sanitization practices. While no major public incidents are documented, the consistent pattern of vulnerabilities suggests systemic security challenges in their development lifecycle. Their plugins' integration with WordPress core increases potential attack surfaces, particularly when default configurations remain unchanged. Security researchers have identified multiple instances where user-supplied data was processed without proper validation, leading to exploitable conditions across multiple product lines.

Top products by impleCode: eCommerce Product Catalog Plugin for WordPress Product Catalog Simple eCommerce Product Catalog Reviews Plus
CVE IDTitleCVSSSeverityPublished
CVE-2025-62061 WordPress Product Catalog Simple plugin <= 1.8.4 - Cross Site Request Forgery (CSRF) vulnerability — Product Catalog SimpleCWE-352 4.3 Medium2025-10-22
CVE-2025-58992 WordPress Product Catalog Simple Plugin <= 1.8.2 - Cross Site Scripting (XSS) Vulnerability — Product Catalog SimpleCWE-79 6.5 Medium2025-09-22
CVE-2025-49331 WordPress eCommerce Product Catalog plugin <= 3.4.3 - PHP Object Injection Vulnerability — eCommerce Product CatalogCWE-502 7.2 High2025-06-17
CVE-2025-49305 WordPress Product Catalog Simple plugin <= 1.8.1 - Cross Site Scripting (XSS) Vulnerability — Product Catalog SimpleCWE-79 6.5 Medium2025-06-06
CVE-2025-1405 Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode — Product Catalog SimpleCWE-79 6.4 Medium2025-02-28
CVE-2024-12771 eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset — eCommerce Product Catalog Plugin for WordPressCWE-352 8.8 High2024-12-21
CVE-2024-32822 WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability — Reviews PlusCWE-862 4.3 Medium2024-04-26
CVE-2024-32558 WordPress eCommerce Product Catalog plugin <= 3.3.32 - Cross Site Scripting (XSS) vulnerability — eCommerce Product CatalogCWE-79 7.1 High2024-04-18
CVE-2024-32437 WordPress eCommerce Product Catalog plugin <= 3.3.28 - Cross Site Request Forgery (CSRF) vulnerability — eCommerce Product CatalogCWE-352 4.3 Medium2024-04-15
CVE-2023-51688 WordPress eCommerce Product Catalog Plugin <= 3.3.26 is vulnerable to Sensitive Data Exposure — eCommerce Product Catalog Plugin for WordPressCWE-200 5.3 Medium2023-12-29
CVE-2023-51687 WordPress Product Catalog Simple Plugin <= 1.7.6 is vulnerable to Sensitive Data Exposure — Product Catalog SimpleCWE-200 5.3 Medium2023-12-29
CVE-2023-47839 WordPress eCommerce Product Catalog Plugin <= 3.3.26 is vulnerable to Cross Site Scripting (XSS) — eCommerce Product Catalog Plugin for WordPressCWE-79 6.5 Medium2023-11-22
CVE-2020-36743 Product Catalog Simple <= 1.5.13 - Cross-Site Request Forgery Bypass — Product Catalog SimpleCWE-352 4.3 Medium2023-07-01
CVE-2021-4392 eCommerce Product Catalog Plugin for WordPress <= 2.9.43 - Cross-Site Request Forgery Bypass — eCommerce Product Catalog Plugin for WordPressCWE-352 4.3 Medium2023-07-01
CVE-2021-4393 eCommerce Product Catalog Plugin for WordPress <= 3.0.17 - Cross-Site Request Forgery Bypass — eCommerce Product Catalog Plugin for WordPressCWE-352 4.3 Medium2023-07-01
CVE-2023-29388 WordPress Product Catalog Simple Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS) — Product Catalog SimpleCWE-79 7.1 High2023-04-07
CVE-2023-25049 WordPress eCommerce Product Catalog Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS) — eCommerce Product Catalog Plugin for WordPressCWE-79 5.9 Medium2023-04-07
CVE-2023-1470 eCommerce Product Catalog plugin for WordPress <= 3.3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting — eCommerce Product Catalog Plugin for WordPressCWE-79 4.4 Medium2023-03-17

This page lists every published CVE security advisory associated with impleCode. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.