Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High0

Medium2

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2024-11-21

CVE-2022-0426 - Product Feed Pro For Woocommerce Plugin

The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting

PLUGIN Product Feed Pro For Woocommerce

CVE-2022-0426

MEDIUM CVSS 5.4 2022-03-07

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24974 - Product Feed Pro For Woocommerce Plugin

The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue (which will be triggered in the admin dashboard) due to the lack of escaping.

PLUGIN Product Feed Pro For Woocommerce

CVE-2021-24974

MEDIUM CVSS 5.4 2022-01-24

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2022-0426 - Product Feed Pro For Woocommerce Plugin

CVE-2021-24974 - Product Feed Pro For Woocommerce Plugin

Company Links

Contact Us