PT-2026-60408 · WordPress · Product Feed Manager For Woocommerce
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Product Feed Manager For WooCommerce versions prior to 7.6.2
Description
Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Reflected Cross-Site Scripting. This occurs when an attacker tricks a user into clicking a link containing a malicious script injected via the
s search parameter. Reflected Cross-Site Scripting is a type of attack where a script is reflected off a web application to the user's browser.Recommendations
Update to version 7.6.2 or later.
As a temporary mitigation, restrict access to the search functionality utilizing the
s parameter.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Product Feed Manager For Woocommerce