6 matches found
CVE-2025-10046
The CVE-2025-10046 issue affects the WordPress plugin ELEX WooCommerce Google Shopping (Google Product Feed) up to version 1.4.3. The vulnerability resides in includes/elex-manage-feed-ajax.php where the file_to_delete parameter is not properly sanitized and the SQL query is not prepared, allowin...
PT-2025-36366
Name of the Vulnerable Software and Affected Versions: ELEX WooCommerce Google Shopping plugin for WordPress versions up to and including 1.4.3 Description: The ELEX WooCommerce Google Shopping plugin for WordPress is susceptible to SQL Injection through the file to delete parameter. Insufficient...
CVE-2023-6638
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings...
CVE-2023-6638
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings...
Design/Logic Flaw
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings...
CVE-2023-6638 GTG Product Feed for Shopping <= 1.2.4 - Missing Authorization to Unauthenticated Plugin Settings Update
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings...