CVE-2021-25068

Summary

The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard

Affected Software

VendorProductVersion RangeStatus
UnknownSync WooCommerce Product feed to Google Shopping1.2.4 <= 1.2.4affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References