WordPress Product XML Feed Manager for WooCommerce Plugin

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.3.

Basic Information

ID CVE-2025-49887

Source Patchstack

Published Aug 14, 2025 at 10:34

Affected Product

Vendor WPFactory

Product Product XML Feed Manager for WooCommerce

Version n/a

Affected Versions WPFactory Product XML Feed Manager for WooCommerce n/a

CWE Classification

CWE-94

References

patchstack.com /database/wordpress/plugin/product-xml-feeds-for-woocommerce/vulnerability/wordpress-product-xml-feed-manager-for-woocommerce-plugin-2-9-3-remote-code-execution-rce-vulnerability

{
    "lastseen": "",
    "description": "Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.3.",
    "published": "2025-08-14T10:34:06.810Z",
    "modified": "2025-08-14T10:34:06.810Z",
    "type": "cve",
    "title": "WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/product-xml-feeds-for-woocommerce/vulnerability/wordpress-product-xml-feed-manager-for-woocommerce-plugin-2-9-3-remote-code-execution-rce-vulnerability?_s_id=cve",
    "id": "CVE-2025-49887",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "WPFactory Product XML Feed Manager for WooCommerce n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Product XML Feed Manager for WooCommerce",
    "version": "n/a",
    "vendor": "WPFactory",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability_CVE-2025-49887