cleantalk
Vulnerabilities and Security Researches

Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More, CVE-2021-24511

CVE, Research URL

CVE-2021-24511

Home page URL

Security reports for Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More

Application

Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More

Published on
Sep 20, 2021
Research Description
The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
Affected versions
max 3.2.3.4.
Status
vulnerable
Previous vulnerability researches
Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More (CVE-2021-24511) , Jun 07, 2024
Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More (CVE-2024-32087) , Jun 07, 2024
New vulnerability
Security & Malware scan by CleanTalk , Apr 03, 2026
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026