Reflected Cross-Site Scripting in Product Feed Manager for WooCommerce by WordPress
CVE-2026-15306

6.1MEDIUM

What is CVE-2026-15306?

The Product Feed Manager for WooCommerce plugin allows unauthenticated attackers to exploit a reflected cross-site scripting vulnerability through the 's' search parameter. This occurs due to inadequate input sanitization and output escaping in all versions up to and including 7.6.1. Attackers can inject arbitrary web scripts into pages, which may execute if users are tricked into clicking on malicious links, jeopardizing user security and data integrity.

Affected Version(s)

Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces 0 <= 7.6.1

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PRISM
.