Cross-Site Request Forgery Vulnerability in impleCode Product Catalog by WordPress
CVE-2025-62061

Currently unrated

Key Information:

Vendor: WordPress
Status: Product Catalog Simple
Vendor: CVE Published:; 22 October 2025

What is CVE-2025-62061?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the impleCode Product Catalog Simple plugin for WordPress. The flaw affects versions from n/a up to and including 1.8.4, allowing an attacker to exploit the lack of proper validation and authorization of user requests. Successful exploitation could lead to unauthorized actions being performed on behalf of logged-in users, jeopardizing their data and the integrity of the WordPress site. Website owners are advised to update to the latest version and implement additional security measures to mitigate the risk.

Affected Version(s)

Product Catalog Simple <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/post...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Oct 7, 2025

Credit

Nabil Irawan (Patchstack Alliance)

JSON