HIGH
Etoilewebdesign
CVE published 2026-06-15
CVE-2016-20075
CVE-2016-20075 is a high-severity vulnerability in the WordPress Ultimate Product Catalog plugin, specifically in version 3.8.6. The vulnerability allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp- [truncated]