WooCommerce Product Feed for Google, Facebook, eBay and Many More < 3.1.15 – Authenticated Reflected XSS | CVE 2019-1010124

Affects Plugins

webappick-product-feed-for-woocommerce

Fixed in 3.1.15

References

CVE

CVE-2019-1010124

Exploitdb

47327

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Damian Ebelties

Verified

No

WPVDB ID

44c58d0e-7770-4a8a-a1b5-de2f02ccdc24

Timeline

Publicly Published

2019-08-30 (about 6 years ago)

Added

2019-08-30 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-01-16

Title

Recip.ly Plugin <= 1.1.8 - Reflected Cross-Site Scripting

Published

2023-07-17

Title

WPBulky < 1.0.10 - Contributor+ Stored Cross-Site Scripting

Published

2025-04-10

Title

UXsniff <= 1.2.8 - Reflected Cross-Site Scripting

Published

2025-12-15

Title

VK Google Job Posting Manager < 1.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-12-11

Title

Ninja Forms < 3.8.20 - Unauthenticated Stored XSS via Form Calculations