24 matches found
CVE-2024-29112
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0...
CVE-2024-7258
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2024-7258
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2024-7258 WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2024-7258 WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2024-7258
CVE-2024-7258 affects the WooCommerce Google Feed Manager plugin for WordPress (versions
WordPress WooCommerce Google Feed Manager plugin <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Feed Actions vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Feed Actions vulnerability discovered by Lucio Sá in WordPress Plugin WooCommerce Google Feed Manager versions = 2.8.0...
WordPress plugin WooCommerce Google Feed Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress WooCommerce Google Feed Manager Plugin <= 2.8.0 is vulnerable to Broken Access Control
Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.9.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID edc9e66e9cf4 Credits Lucio Sá Required...
WordPress WooCommerce Google Feed Manager Plugin <= 2.8.0 is vulnerable to Arbitrary File Deletion
Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.9.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-7258 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID b704b4dc18ba Credits Lucio ...
PT-2024-38215 · WordPress · Woocommerce Google Feed Manager
Name of the Vulnerable Software and Affected Versions: WooCommerce Google Feed Manager plugin for WordPress versions 1.0 through 2.8.0 Description: The issue is due to a missing capability check on the wppfm removeFeedFile function, allowing authenticated attackers with Contributor-level access a...
CVE-2024-3067
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
CVE-2024-3067 WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
CVE-2024-3067
CVE-2024-3067 (WooCommerce Google Feed Manager) : WordPress plugin vulnerable to SQL Injection via the id parameter in all versions up to 2.4.2 due to insufficient escaping in the SQL query; authenticated admins (and above) can inject additional SQL to extract data, and unauthenticated users coul...
CVE-2024-3067 WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
WordPress WooCommerce Google Feed Manager Plugin <= 2.4.2 is vulnerable to SQL Injection
Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3067 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7ac4b8e7f509 Credits Krzysztof Zając Required privilege...
WordPress Plugin WooCommerce Google Feed Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WooCommerce Google Feed Manager < 2.3.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Description The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...
CVE-2024-29112 WordPress WooCommerce Google Feed Manager plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0...
CVE-2024-29112
CVE-2024-29112 is a stored XSS in the WooCommerce Google Feed Manager plugin for WordPress, affecting versions from 0 through 2.2.0. Root cause: improper neutralization of input during web page generation. Impact per sources: stored cross-site scripting that can be exploited by an authenticated u...