Vulnerabilities and security researches forbest-woocommerce-feed best-woocommerce-feed

Jun 07, 2024

CVE, Research URL: CVE-2023-52144
Home page URL: Security reports for Product Feed Manager – WooCommerce to Google Shopping, Social Catalogs, and 170+ Popular Marketplaces
Application: Product Feed Manager – WooCommerce to Google Shopping, Social Catalogs, and 170+ Popular Marketplaces
Date: Apr 15, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15.
Affected versions: max 7.3.16.
Status: vulnerable

CVE, Research URL: 6ff37c2e-e21d-4abc-bafe-8ca6a2c1ed76
Home page URL: Security reports for Product Feed Manager – WooCommerce to Google Shopping, Social Catalogs, and 170+ Popular Marketplaces
Application: Product Feed Manager – WooCommerce to Google Shopping, Social Catalogs, and 170+ Popular Marketplaces
Date: -
Research Description: Product Feed Manager- WooCommerce Product Feeds For Google Shopping, Social Catalog, TikTok Ads, and 180+ Popular Marketplaces [best-woocommerce-feed] < 2.2.3.1 Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update The library, used in numerous plugins, does not have proper authorisation when updating blog options, allowing any authenticated users, such as subscriber to update arbitrary options
Affected versions: max 2.2.3.1.
Status: vulnerable