Lucene search
K

7 matches found

CVE
CVE
added 2025/11/21 12:29 p.m.10 views

CVE-2025-66089

CVE-2025-66089 concerns the WebToffee Product Feed for WooCommerce plugin (Wordpress) versions up to and including 2.3.1, with a Missing Authorization vulnerability enabling exploitation of incorrectly configured access control. The CVSS v3.1 base score is 4.3 (Medium), and the exploit vector is ...

4.3CVSS6.6AI score0.00177EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/30 2:35 p.m.3 views

WordPress Product Feed for WooCommerce plugin <= 2.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Product Feed for WooCommerce versions = 2.3.1...

4.3CVSS7AI score0.00177EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/06/06 12:53 p.m.11 views

CVE-2025-49287 WordPress Product Feed for WooCommerce plugin <= 2.2.8 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Feed for WooCommerce: from n/a through = 2.2.8...

4.3CVSS0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/15 7:40 a.m.17 views

CVE-2024-32087 WordPress Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More plugin <= 3.5.7 - Auth. SQL Injection (SQLi) vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google.This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7...

7.6CVSS8.1AI score0.00574EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/03/26 12:0 a.m.11 views

WordPress Product Feed PRO for WooCommerce Plugin <= 13.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Product Feed PRO for WooCommerce Type Plugin Vulnerable versions = 13.2.5 Fixed in 13.2.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24800 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 937a0dd44e83 Credits Rafie Muhamma...

7.1CVSS6.6AI score0.00394EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.8 views

WordPress Product Feed Manager Plugin <= 2.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Product Feed Manager Type Plugin Vulnerable versions = 2.2.7 Fixed in 3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer WPFunnels Team PSID 5d8a4ef78a56 Credits Rafie Muhammad Patchstack Required...

5.8AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/12/23 12:0 a.m.18 views

WordPress Product Feed PRO for WooCommerce plugin <= 11.0.6 - Settings Update to Stored Cross-Site Scripting (XSS) vulnerability

Settings Update to Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Product Feed PRO for WooCommerce plugin versions = 11.0.6. Solution Update the WordPress Product Feed PRO for WooCommerce plugin to the latest available version at least 11.0.7...

5.4CVSS1.9AI score0.00607EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder