CVE-2021-25068

Name of the Vulnerable Software and Affected Versions Sync WooCommerce Product feed to Google Shopping WordPress plugin versions 1.2.4 and earlier

Description The issue concerns a SQL injection vulnerability in the admin dashboard. It arises from the improper sanitization of the feed id POST parameter for use in a SQL statement. This allows for potential exploitation.

Recommendations For versions 1.2.4 and earlier, as a temporary workaround, consider restricting access to the admin dashboard to minimize the risk of exploitation. Avoid using the feed id parameter in the affected POST requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.