CVE Catalog

CVE-2026-57360

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The eCommerce Product Catalog plugin version 3.5.4 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

Risk Assessment

The risk includes user session theft, redirects to malicious sites, and e-commerce store defacement. The attack can affect all website visitors.

Recommendation

Immediately update the eCommerce Product Catalog plugin to a version newer than 3.5.4. If no update is available, temporarily disable the plugin.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in eCommerce Product Catalog <= 3.5.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS