CVE-2016-20075 | WordPress Ultimate Product Catalog 3.8.6 contains an arbitra… | CVSS 8.8 HIGH

Description

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.

Metadata

CVE ID: CVE-2016-20075
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-15 11:43 UTC
Published: 2026-06-15 12:00 UTC
Last updated: 2026-06-15 19:24 UTC
Primary CWE: CWE-863
Incorrect Authorization
Vendor / Product: Etoilewebdesign / Ultimate Product Catalog
Sources: cve.org · NVD

Severity & Metrics

8.8 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Etoilewebdesign	Ultimate Product Catalog	—	3.8.6

Weakness (CWE)

CWE	Source	Description
CWE-863	cna	Incorrect Authorization

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.8	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (3)

ExploitDB-40012 https://www.exploit-db.com/exploits/40012
Official Product Homepage http://www.EtoileWebDesign.com/
VulnCheck Advisory: WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE https://www.vulncheck.com/advisories/wordpress-ultimate-product-catalog-arbitrary-file-upload-rce