7 matches found
CVE-2024-29112
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0...
CVE-2024-7258
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...
WordPress WooCommerce Google Feed Manager Plugin <= 2.8.0 is vulnerable to Arbitrary File Deletion
Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.9.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-7258 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID b704b4dc18ba Credits Lucio ...
WordPress WooCommerce Google Feed Manager Plugin <= 2.8.0 is vulnerable to Broken Access Control
Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.9.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID edc9e66e9cf4 Credits Lucio Sá Required...
CVE-2024-3067 WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
PT-2024-23555 · WordPress · Woocommerce Google Feed Manager
Name of the Vulnerable Software and Affected Versions: WooCommerce Google Feed Manager plugin for WordPress versions up to, and including, 2.4.2 Description: The issue allows for SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient...
WordPress WooCommerce Google Feed Manager Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29112 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a47ab0c3a92d Credits Joshua Chan Required...