Vulnerabilities and security researches forwoo-product-feed-pro woo-product-feed-pro

Jun 07, 2024

CVE, Research URL: CVE-2021-24974
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Jan 24, 2022
Research Description: The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue (which will be triggered in the admin dashboard) due to the lack of escaping.
Affected versions: max 11.0.7.
Status: vulnerable

CVE, Research URL: CVE-2022-46793
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Apr 06, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin <= 12.4.4 versions.
Affected versions: max 12.4.5.
Status: vulnerable

CVE, Research URL: CVE-2024-24800
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5.
Affected versions: max 13.2.6.
Status: vulnerable

CVE, Research URL: CVE-2024-32513
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Apr 17, 2024
Research Description: Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.3.1.
Affected versions: max 13.3.2.
Status: vulnerable

CVE, Research URL: CVE-2022-0426
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Mar 07, 2022
Research Description: The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting
Affected versions: max 11.2.3.
Status: vulnerable

Mar 30, 2026

CVE, Research URL: CVE-2026-32443
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Mar 14, 2026
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2.
Affected versions: max 13.5.2.1.
Status: vulnerable

Apr 14, 2026

CVE, Research URL: CVE-2026-3499
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Apr 08, 2026
Research Description: The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6 through 13.5.2.1. This is due to missing or incorrect nonce validation on the ajax_migrate_to_custom_post_type, ajax_adt_clear_custom_attributes_product_meta_keys, ajax_update_file_url_to_lower_case, ajax_use_legacy_filters_and_rules, and ajax_fix_duplicate_feed functions. This makes it possible for unauthenticated attackers to trigger feed migration, clear custom-attribute transient caches, rewrite feed file URLs to lowercase, toggle legacy filter and rule settings, and delete duplicated feed posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 13.5.2.2.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: a672af3718203bfe2891b97dacbf7dbc502d6cfe
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Apr 05, 2023
Research Description: Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce [woo-product-feed-pro] < 12.4.5 Product Feed PRO for WooCommerce <= 12.4.4 - Cross-Site Request Forgery The Product Feed PRO for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 12.4.0. This is due to missing or incorrect nonce validation on several functions such as woosea_enable_structured_data, woosea_structured_vat, woosea_add_manipulation, woosea_add_aelia, and more. This makes it possible for unauthenticated attackers to modify several plugin options and settings, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 12.4.5.
Status: vulnerable

CVE, Research URL: 7bccaf7ec36a43eab975693e9a2e759a6142ea9f
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Jan 31, 2022
Research Description: Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce [woo-product-feed-pro] < 11.2.2 WordPress Product Feed PRO for WooCommerce plugin <= 11.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Product Feed PRO for WooCommerce plugin (versions <= 11.2.1).
Affected versions: max 11.2.2.
Status: vulnerable