Vulnerabilities and security researches forwebappick-product-feed-for-woocommerce webappick-product-feed-for-woocommerce
Direction: descendingFeb 27, 2026
CTX Feed – WooCommerce Product Feed Manager Plugin # CVE-2026-22461
- CVE, Research URL
- Date
- Jan 22, 2026
- Research Description
- Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CTX Feed: from n/a through <= 6.6.18.
- Affected versions
-
max 6.6.18.
- Status
-
vulnerable
CTX Feed – WooCommerce Product Feed Manager Plugin # CVE-2025-12975
- CVE, Research URL
- Date
- Feb 19, 2026
- Research Description
- The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() function in all versions up to, and including, 6.6.11. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install arbitrary plugins which can be leveraged to achieve remote code execution.
- Affected versions
-
max 6.6.12.
- Status
-
vulnerable
Mar 20, 2025
CTX Feed – WooCommerce Product Feed Manager Plugin # CVE-2024-38775
- CVE, Research URL
- Date
- Aug 02, 2024
- Research Description
- Improper Privilege Management vulnerability in WebAppick CTX Feed allows Privilege Escalation.This issue affects CTX Feed: from n/a through 6.5.6.
- Affected versions
-
max 6.5.7.
- Status
-
vulnerable
Jun 07, 2024
CTX Feed – WooCommerce Product Feed Manager Plugin # CVE-2019-1010124
- CVE, Research URL
- Date
- Jul 23, 2019
- Research Description
- WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in.
- Affected versions
-
max 3.1.15.
- Status
-
vulnerable