Missing Authorization in WPFactory Product XML Feed Manager for WooCommerce
CVE-2025-30959
6.5 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 16 July 2025
What is CVE-2025-30959?
A missing authorization vulnerability exists in the WPFactory Product XML Feed Manager for WooCommerce, allowing attackers to exploit incorrectly configured access control settings. This flaw can lead to unauthorized actions within the application, potentially exposing sensitive product data and impacting overall site security. Users of versions up to and including 2.9.2 are at risk and should take immediate steps to secure their installations.
Affected Version(s)
Product XML Feed Manager for WooCommerce <= 2.9.2
CVSS V3.1
- Score: 6.5
- Severity: MEDIUM
- Confidentiality: None
- Integrity: Low
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Tran Tuan Dung (domiee13) (Patchstack Alliance)