CVSS Score of 10 (low)


Published Jul 1, 2023
Updated: Nov 7, 2023
CWE ID 352


CVE-2021-4392 is a vulnerability that affects the eCommerce Product Catalog Plugin for WordPress plugin in versions up to 2.9.43. This vulnerability allows unauthenticated attackers to save product meta data by exploiting missing or incorrect nonce validation on the implecode_save_products_meta() function. The danger lies in the fact that attackers can trick site administrators into performing actions, such as clicking on a malicious link, which could lead to unauthorized changes to product information. To remediate this vulnerability, users are advised to update their plugin to a version that includes proper nonce validation and ensure that their site administrators are cautious of clicking on suspicious links.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2021-4392 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options