Vulnerabilities and security researches forwoo-product-feed-pro woo-product-feed-pro

Mar 30, 2026

CVE, Research URL: CVE-2026-32443
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Mar 14, 2026
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2.
Affected versions: max 13.5.2.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2021-24974
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Jan 24, 2022
Research Description: The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue (which will be triggered in the admin dashboard) due to the lack of escaping.
Affected versions: max 11.2.2.
Status: vulnerable

CVE, Research URL: CVE-2022-46793
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Apr 06, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin <= 12.4.4 versions.
Affected versions: max 12.4.5.
Status: vulnerable

CVE, Research URL: CVE-2024-24800
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5.
Affected versions: max 13.2.6.
Status: vulnerable

CVE, Research URL: CVE-2024-32513
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Apr 17, 2024
Research Description: Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.3.1.
Affected versions: max 13.3.2.
Status: vulnerable

CVE, Research URL: CVE-2022-0426
Home page URL: Security reports for Product Feed PRO for WooCommerce
Application: Product Feed PRO for WooCommerce
Date: Mar 07, 2022
Research Description: The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting
Affected versions: max 11.2.3.
Status: vulnerable