PT-2025-36366 · WordPress · Elex Woocommerce Google Shopping Plugin

Đức Tài · Published 2025-09-06 · Updated 2025-09-07 · CVE-2025-10046

CVSS v3.1: 4.9

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

ELEX WooCommerce Google Shopping plugin for WordPress versions up to and including 1.4.3

Description:

The ELEX WooCommerce Google Shopping plugin for WordPress is susceptible to SQL Injection through the `file to delete` parameter. Insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries allow authenticated attackers with Administrator-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database.
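The weakness class described above, shown as an added example of the weak pattern beside a hardened admin handler; this is not the plugin's code, which this page does not show. The AJAX action `example_delete_feed`, the table `example_feeds`, its `file_name` column, the `nonce` field and the request field spelled `file_to_delete` are all assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code. Hypothetical names: the AJAX
// action 'example_delete_feed', the table '{prefix}example_feeds', its
// 'file_name' column, and the request fields 'file_to_delete' and 'nonce'.

add_action( 'wp_ajax_example_delete_feed', 'example_delete_feed' );

function example_delete_feed() {
    global $wpdb;

    // Admin-only endpoint: require the capability and a valid nonce first.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_delete_feed', 'nonce' );

    $raw = isset( $_POST['file_to_delete'] )
        ? wp_unslash( $_POST['file_to_delete'] )
        : '';

    // Allow-list the expected shape of a feed file name and reject the rest.
    // This is defence in depth; the placeholder below is the actual fix.
    if ( ! is_string( $raw ) || ! preg_match( '/\A[A-Za-z0-9_.-]{1,128}\z/', $raw ) ) {
        wp_send_json_error( 'invalid file name', 400 );
    }

    $table = $wpdb->prefix . 'example_feeds';

    // Weak pattern (the class of bug the advisory describes): request data is
    // concatenated into the statement, so the database parses it as SQL.
    //   $wpdb->query( "DELETE FROM $table WHERE file_name = '" . $raw . "'" );

    // Hardened: the value travels through a %s placeholder, so $wpdb->prepare()
    // escapes and quotes it and it can only ever be compared as a string.
    $deleted = $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$table} WHERE file_name = %s", $raw )
    );

    if ( false === $deleted ) {
        wp_send_json_error( 'database error', 500 );
    }
    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}
```

When reviewing a plugin for this class of bug, look for `$wpdb->query()`, `get_results()`, `get_var()` or `get_row()` calls whose SQL string contains a request-derived variable and is not wrapped in `$wpdb->prepare()`.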

Recommendations:

Update ELEX WooCommerce Google Shopping plugin to a version later than 1.4.3.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-10046

Affected Products

Elex Woocommerce Google Shopping Plugin