Description

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.

State: PUBLISHED | Reserved: 2026-06-15 | Published: 2026-06-15 | Updated: 2026-06-15 | Assigner: VulnCheck

HIGH 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
HIGH 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Problem types

Incorrect Authorization

Product status

3.8.6 - affected

Credits

Joaquin Ramirez Martinez [ i0akiN SEC-LABORATORY ] (finder)

References

www.exploit-db.com/exploits/40012 (ExploitDB-40012) - exploit

www.EtoileWebDesign.com/ (Official Product Homepage) - product

www.vulncheck.com/...oduct-catalog-arbitrary-file-upload-rce (VulnCheck Advisory: WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE) - third-party-advisory

cve.org (CVE-2016-20075)

nvd.nist.gov (CVE-2016-20075)