Adtribes: >> Product Feed Pro For Woocommerce >> 11.1.0 Security Vulnerabilities
Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin <= 12.4.4 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-04-06
The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting
CVSS Score
5.4
EPSS Score
0.002
Published
2022-03-07