3 matches found
CVE-2021-24974
The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue which will be triggered in the admin dashboard due to th...
CVE-2021-24974 Product Feed PRO for WooCommerce < 11.0.7 - Subscriber+ Settings Update to Stored XSS
The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue which will be triggered in the admin dashboard due to th...
CVE-2021-24974
The CVE applies to WordPress Product Feed PRO for WooCommerce plugin prior to 11.0.7. Root cause is missing authorization and CSRF checks in several AJAX actions, enabling stored XSS that can be triggered in the admin dashboard by authenticated users. Affected component: Product Feed PRO for WooC...