Description
WordPress Plugin Product Catalog is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin Product Catalog version 3.8.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.8.2 or latest
References
https://www.exploit-db.com/exploits/39974/
https://wordpress.org/plugins/ultimate-product-catalogue/changelog/
Related Vulnerabilities
WordPress Plugin IMDb Profile Widget Local File Inclusion (1.0.8)
WordPress 4.9.x Prototype Pollution (4.9 - 4.9.19)
WordPress Plugin Zlick Paywall Security Bypass (2.2.1)
WordPress Plugin Coupon Tab for DirectoryPress Multiple Cross-Site Scripting Vulnerabilities (0.2.0)
WordPress Plugin Image Slider Unspecified Vulnerability (1.1.119)