CVE-2016-20075 HIGH

CVE-2016-20075: WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE

Vendor Etoilewebdesign
Product Ultimate Product Catalog
Weakness CWE-863 · Incorrect authorization
Published June 15, 2026
Last update June 15, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.

Explanation of Vulnerability in Simple Terms

02Summary

Ultimate Product Catalog versions 3.8.6 and later contain an authorization flaw that allows authenticated users to access or modify data they should not have permission to view or change. The vulnerability requires a valid user account but no additional user interaction. Site administrators should update to a patched version when available.

What an attacker can do

03Attacker Capabilities

Access or modify product catalog data beyond their assigned permissions.

Potential impact on your site

04Site Impact

Authenticated users can view or alter catalog content they shouldn't have access to, risking data integrity and confidentiality.

Conditions required to exploit

05Prerequisites

Attacker must have a valid user account on the site.

Key dates

06Disclosure timeline

June 15, 2026 CVE published
June 15, 2026 Record updated

Related vulnerabilities

08Related CVE