Name of the Vulnerable Software and Affected Versions:

AdTribes.Io Product Feed PRO for WooCommerce versions through 13.2.5

Description:

The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS.

Recommendations:

For versions through 13.2.5, update to a version later than 13.2.5 to resolve the issue.

As a temporary workaround, consider restricting access to sensitive `username` and `password` variables in the affected API endpoints until a patch is available.

Avoid using the vulnerable `Product Feed PRO for WooCommerce` module in the affected versions until the issue is resolved.

At the moment, there is no information about additional mitigation measures.