The Wayback Machine - https://web.archive.org/web/20210117034356/https://jetpack.com/features/security/library/catalog-plugin/

Is "WordPress Catalog" safe?

WordPress Plugin security and safety information.

Rating: Unsafe Recommendations

WordPress Catalog: Plugin Details

Type: Plugin
Author: http://web-dorado.com/
URL: https://wordpress.org/plugins/catalog/
Latest Version: 1.7.3

 

WordPress Catalog: Security Information

Insecure versions: All Versions
Known since: 2015-12-02 19:49:28


Insecure versions: Up To 1.4.6
Known since: 2014-03-14 20:57:04
Description: Spider Catalog 1.4.6 - Multiple Script Direct Request Path Disclosure
More Information:


Insecure versions: Up To 1.4.6
Known since: 2014-03-14 20:57:04
Description: Spider Catalog 1.4.6 - catalog.php spider_box_js_php Function Multiple Parameter XSS
More Information:


Insecure versions: Up To 1.4.6
Known since: 2014-03-14 20:57:04
Description: Spider Catalog 1.4.6 - spiderBox/spiderBox.js.php Multiple Parameter XSS
More Information:


Insecure versions: Up To 1.4.6
Known since: 2014-03-14 20:57:04
Description: Spider Catalog 1.4.6 - Products.html.php Multiple Parameter XSS
More Information:


Insecure versions: Up To 1.4.6
Known since: 2014-03-14 20:57:04
Description: Spider Catalog 1.4.6 - Categories.html.php Multiple Parameter XSS
More Information:


Insecure versions: Up To 1.4.6
Known since: 2014-03-14 20:57:04
Description: Spider Catalog 1.4.6 - Category Entry Multiple Field XSS
More Information:


Insecure versions: Up To 1.4.6
Known since: 2014-03-14 20:57:04
Description: Spider Catalog 1.4.6 - products.php Multiple Function Multiple Parameter SQL Injection
More Information:


Insecure versions: Up To 1.4.6
Known since: 2014-03-14 20:57:04
Description: Spider Catalog 1.4.6 - Categories.php Multiple Function id Parameter SQL Injection
More Information:


Insecure versions: Up To 1.4.6
Known since: 2014-03-14 20:57:04
Description: Spider Catalog 1.4.6 - catalog.php catalog_after_search_results Function s Parameter SQL Injection
More Information:


Insecure versions: Up To 1.4.6
Known since: 2014-03-14 20:57:04
Description: Spider Catalog 1.4.6 - Multiple Shortcode id Parameter SQL Injection
More Information:


Insecure versions: Up To 1.4.7
Known since: 2013-06-17 01:13:39
Description: SQL Injection


 

WordPress Catalog: Safety Recommendations

We have rated WordPress Catalog as Unsafe which means that all versions of the plugin have vulnerabilities.

We recommend that until an update is released do not use WordPress Catalog.

WordPress Catalog: Staying Up-to-date

Make sure your installation of WordPress Catalog is safe with the following free Jetpack services for WordPress sites:
  • Updates & Management
    Turn on auto-updates for WordPress Catalog or manage in bulk.
  • Prevent Infiltrations
    Automatic protection against brute force attacks and secure sign on.

Choose Your Plan

WordPress Catalog: Keeping Safe

If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:
  • Automated Backups
    Full backup of your entire site with unlimited storage space.
  • Restores & Migrations
    Restore or migrate your site from a backup with one click.
  • Security Scanning
    Regular, automated scans of your site for malware, threats, and hacks.
  • Expert Support
    Fast, priority support for any WordPress security issue.

Choose Your Plan

About this information

This WordPress security information is part of our security library and is brought to you by Jetpack as part of our committment to a safer WordPress experience.

If you have any questions, please do not hesitate to contact us.