CVE-2021-24974

Name of the Vulnerable Software and Affected Versions Product Feed PRO for WooCommerce WordPress plugin versions prior to 11.0.7

Description The issue is related to the lack of authorization and CSRF checks in some AJAX actions of the plugin, allowing any authenticated user to call them. This could lead to a Stored Cross-Site Scripting issue, which would be triggered in the admin dashboard due to the lack of escaping.

Recommendations For versions prior to 11.0.7, update to version 11.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard and AJAX actions to minimize the risk of exploitation.