Vulnerabilities and security researches forpurple-xmls-google-product-feed-for-woocommerce purple-xmls-google-product-feed-for-woocommerce

Jun 07, 2024

CVE, Research URL: CVE-2021-24511
Home page URL: Security reports for Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More
Application: Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More
Date: Sep 20, 2021
Research Description: The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Affected versions: max 3.2.3.4.
Status: vulnerable

CVE, Research URL: CVE-2024-32087
Home page URL: Security reports for Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More
Application: Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More
Date: Apr 15, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google.This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7.
Affected versions: max 3.5.7.
Status: vulnerable