Cross-Site Scripting Vulnerability in WebAppick WooCommerce Product Feed Plugin
CVE-2019-1010124

5.4 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 23 July 2019

What is CVE-2019-1010124?

Versions of the WebAppick WooCommerce Product Feed plugin prior to 2.2.18 contain a Cross-Site Scripting vulnerability that could allow authenticated administrators to manipulate theme files, potentially leading to remote code execution. The flaw is in the script in the admin/partials/woo-feed-manage-list.php file. Exploitation requires administrator access; WordPress site owners should keep their plugins up to date and review their administrative permissions.

Affected Version(s)

WooCommerce Product Feed ≤ 2.2.18

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved