PT-2019-11473 · Webappick+1 · Webappick Woocommerce Product Feed+1

Published: 2019-07-23 · Updated: 2023-02-28 · CVE-2019-1010124

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WebAppick WooCommerce Product Feed versions 2.2.18 and earlier
Description: The issue is a Cross-Site Scripting (XSS) flaw that can lead to Remote Code Execution (RCE) via editing theme files in WordPress. This is possible when an administrator is logged in. The vulnerable component is located in the admin/partials/woo-feed-manage-list.php file at line 63.
Recommendations: Update WebAppick WooCommerce Product Feed to a version later than 2.2.18 to resolve the issue.

Exploit · Fix · RCE · XSS

Weakness Enumeration

Related Identifiers

CVE-2019-1010124

Affected Products

Webappick Woocommerce Product Feed
Wordpress