cleantalk
Vulnerabilities and Security Researches

CTX Feed – WooCommerce Product Feed Manager Plugin, CVE-2025-12975

CVE, Research URL

CVE-2025-12975

Home page URL

Security reports for CTX Feed – WooCommerce Product Feed Manager Plugin

Application

CTX Feed – WooCommerce Product Feed Manager Plugin

Published on
Feb 19, 2026
Research Description
The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() function in all versions up to, and including, 6.6.11. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install arbitrary plugins which can be leveraged to achieve remote code execution.
Affected versions
max 6.6.12.
Status
vulnerable
Previous vulnerability researches
Availability Calendar (CVE-2025-46528) , Apr 26, 2025
Availability Calendar (CVE-2023-48744) , Jun 07, 2024
Availability Calendar (CVE-2021-24604) , Jun 07, 2024
Availability Calendar (CVE-2021-24606) , Jun 07, 2024
WP iCal Availability (CVE-2023-46607) , Jun 10, 2024
New vulnerability
Yoast Duplicate Post (CVE-2019-25314) , Feb 27, 2026
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-15030) , Feb 27, 2026
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2026-23543) , Feb 27, 2026
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-14274) , Feb 27, 2026
CTX Feed – WooCommerce Product Feed Manager Plugin (CVE-2025-12975) , Feb 27, 2026