cleantalk
Vulnerabilities and Security Researches

Product Feed PRO for WooCommerce, a672af3718203bfe2891b97dacbf7dbc502d6cfe

CVE, Research URL

a672af3718203bfe2891b97dacbf7dbc502d6cfe

Home page URL

Security reports for Product Feed PRO for WooCommerce

Application

Product Feed PRO for WooCommerce

Published on
Apr 05, 2023
Research Description
Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce [woo-product-feed-pro] < 12.4.5 Product Feed PRO for WooCommerce <= 12.4.4 - Cross-Site Request Forgery The Product Feed PRO for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 12.4.0. This is due to missing or incorrect nonce validation on several functions such as woosea_enable_structured_data, woosea_structured_vat, woosea_add_manipulation, woosea_add_aelia, and more. This makes it possible for unauthenticated attackers to modify several plugin options and settings, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 12.4.5.
Status
vulnerable
Previous vulnerability researches
Product Feed PRO for WooCommerce (CVE-2021-24974) , Jun 07, 2024
Product Feed PRO for WooCommerce (CVE-2022-46793) , Jun 07, 2024
Product Feed PRO for WooCommerce (CVE-2024-24800) , Jun 07, 2024
Product Feed PRO for WooCommerce (CVE-2024-32513) , Jun 07, 2024
Product Feed PRO for WooCommerce (CVE-2022-0426) , Jun 07, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026