CVE Catalog
CVE-2026-57360
HighCVSS 7.1Summary
The eCommerce Product Catalog plugin version 3.5.4 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
Risk Assessment
The risk includes user session theft, redirects to malicious sites, and e-commerce store defacement. The attack can affect all website visitors.
Recommendation
Immediately update the eCommerce Product Catalog plugin to a version newer than 3.5.4. If no update is available, temporarily disable the plugin.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in eCommerce Product Catalog <= 3.5.4 versions.

