ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WooCommerce Product Feed plugin <= 3.1.14 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Product
WooCommerce Product Feed for Google, Facebook, eBay and Many More
Description
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Damian Ebelties in WordPress WooCommerce Product Feed plugin (versions <= 3.1.14).
Solution
Update the WordPress WooCommerce Product Feed plugin to the latest available version (at least 3.1.15).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2019-1010124
Versions
Affected In <= 3.1.14
Fixed In 3.1.15
Disclosure date
2019-08-30
Credits
Damian Ebelties
Submitter
ThreatPress