Skip to main content

Product Feed Manager For Woocommerce Sell On 200 Online Marketplaces

1 CVEs product

Monthly

CVE-2026-15306 MEDIUM This Month

Reflected Cross-Site Scripting in the Product Feed Manager For WooCommerce WordPress plugin (all versions through 7.6.1) allows unauthenticated remote attackers to inject arbitrary JavaScript via the unescaped 's' search parameter, which executes in a victim's browser upon interaction with a crafted link. The vulnerability is rooted in insufficient sanitization and output escaping within the plugin's admin-facing PHP classes, as confirmed by Wordfence with direct source code references to class-rex-product-feed-actions.php and class-rex-product-feed.php. No public exploit code has been identified at time of analysis, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog.

WordPress XSS Product Feed Manager For Woocommerce Sell On 200 Online Marketplaces
NVD
CVSS 3.1
6.1
EPSS
0.2%
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting in the Product Feed Manager For WooCommerce WordPress plugin (all versions through 7.6.1) allows unauthenticated remote attackers to inject arbitrary JavaScript via the unescaped 's' search parameter, which executes in a victim's browser upon interaction with a crafted link. The vulnerability is rooted in insufficient sanitization and output escaping within the plugin's admin-facing PHP classes, as confirmed by Wordfence with direct source code references to class-rex-product-feed-actions.php and class-rex-product-feed.php. No public exploit code has been identified at time of analysis, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog.

WordPress XSS Product Feed Manager For Woocommerce Sell On 200 Online Marketplaces
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy