Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

CVE-2025-49887: CWE-94 Improper Control of Generation of Code ('Code Injection') in WPFactory Product XML Feed Manager for WooCommerce

Critical
VulnerabilityCVE-2025-49887cvecve-2025-49887cwe-94
Published: Thu Aug 14 2025 (08/14/2025, 10:34:06 UTC)
Source: CVE Database V5
Vendor/Project: WPFactory
Product: Product XML Feed Manager for WooCommerce

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.3.

Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-06-11T16:06:23.852Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 689dbee4ad5a09ad0059e62d

Added to database: 8/14/2025, 10:48:04 AM

Last updated: 8/14/2025, 10:48:04 AM

Views: 1

Related Threats

CVE-2025-8957: SQL Injection in Campcodes Online Flight Booking Management System

Medium
VulnerabilityThu Aug 14 2025

CVE-2025-54707: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in RealMag777 MDTF

Critical
VulnerabilityThu Aug 14 2025

CVE-2025-54706: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Noor Alam Magical Posts Display

Medium
VulnerabilityThu Aug 14 2025

CVE-2025-54705: CWE-862 Missing Authorization in magepeopleteam WpEvently

Medium
VulnerabilityThu Aug 14 2025

CVE-2025-54704: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in hashthemes Easy Elementor Addons

Medium
VulnerabilityThu Aug 14 2025

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats