17 matches found
Exploit for CVE-2025-10046
CVE-2025-10046 - ELEX WooCommerce Google Shopping Author: By...
CVE-2025-10046
The ELEX WooCommerce Google Shopping Google Product Feed plugin for WordPress is vulnerable to SQL Injection via the 'filetodelete' parameter in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2025-54030
Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20...
CVE-2024-29112
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS. This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0...
CVE-2024-1562
The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the executepostdata function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin...
CVE-2024-7258
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...
WordPress WooCommerce Google Feed Manager Plugin <= 2.8.0 is vulnerable to Broken Access Control
Software: WooCommerce Google Feed Manager; Type: Plugin; Vulnerable versions: <= 2.8.0; Fixed in: 2.9.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Low; CVSS severity: Low (4.3); PSID: edc9e66e9cf4; Credits: Lucio Sá; Required...
WordPress WooCommerce Google Feed Manager Plugin <= 2.8.0 is vulnerable to Arbitrary File Deletion
Software: WooCommerce Google Feed Manager; Type: Plugin; Vulnerable versions: <= 2.8.0; Fixed in: 2.9.0; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-7258; Patch priority: Medium; CVSS severity: Medium (8.8); PSID: b704b4dc18ba; Credits: Lucio ...
CVE-2024-3067 WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
PT-2024-23555 · WordPress · Woocommerce Google Feed Manager
Name of the Vulnerable Software and Affected Versions: WooCommerce Google Feed Manager plugin for WordPress versions up to, and including, 2.4.2 Description: The issue allows for SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient...
CVE-2024-32087
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google. This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7...
WordPress WooCommerce Google Feed Manager Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Google Feed Manager; Type: Plugin; Vulnerable versions: <= 2.2.0; Fixed in: 2.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29112; Patch priority: Low; CVSS severity: Low (5.9); PSID: a47ab0c3a92d; Credits: Joshua Chan; Required...
WordPress WooCommerce Google Sheet Connector Plugin <= 1.3.11 is vulnerable to Broken Access Control
Software: WooCommerce Google Sheet Connector; Type: Plugin; Vulnerable versions: <= 1.3.11; Fixed in: 1.3.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1562; Patch priority: Low; CVSS severity: Low (5.3); PSID: a751d510280b; Credits: Francesco...
CVE-2023-2329
The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...
PT-2023-18888
Name of the Vulnerable Software and Affected Versions: WooCommerce Google Sheet Connector WordPress plugin versions prior to 1.3.6 Description: The issue concerns a lack of CSRF check when updating the Access Code, allowing attackers to potentially make logged-in admins change the access code to an...
WordPress WooCommerce Google Sheet Connector Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WooCommerce Google Sheet Connector; Type: Plugin; Vulnerable versions: <= 1.3.5; Fixed in: 1.3.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2329; Patch priority: Low; CVSS severity: Low (4.3); PSID: d1cb29a7b9f8; Credits...
ELEX WooCommerce Google Shopping < 1.2.4 - Reflected Cross-Site Scripting (XSS)
The plugin does not sanitise or escape the search GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue, which will be executed in a logged in admin context. PoC: https://example.com/wp-admin/admin.php?page=elex-product-feed-manage="...