PT-2026-60408 · WordPress · Product Feed Manager For Woocommerce

·

CVE-2026-15306

·

Published

2026-07-16

·

Updated

2026-07-16

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Product Feed Manager For WooCommerce versions prior to 7.6.2
Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Reflected Cross-Site Scripting. This occurs when an attacker tricks a user into clicking a link containing a malicious script injected via the s search parameter. Reflected Cross-Site Scripting is a type of attack where a script is reflected off a web application to the user's browser.
Recommendations Update to version 7.6.2 or later. As a temporary mitigation, restrict access to the search functionality utilizing the s parameter.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15306

Affected Products

Product Feed Manager For Woocommerce