{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-30959", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-03-26T09:22:20.466Z", "datePublished": "2025-07-16T11:28:08.195Z", "dateUpdated": "2026-04-28T16:12:02.174Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "product-xml-feeds-for-woocommerce", "product": "Product XML Feed Manager for WooCommerce", "vendor": "WPFactory", "versions": [{"changes": [{"at": "2.9.3", "status": "unaffected"}], "lessThanOrEqual": "2.9.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Tran Tuan Dung (domiee13) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:36:52.505Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.2.</p>"}], "value": "Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.2."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:12:02.174Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/product-xml-feeds-for-woocommerce/vulnerability/wordpress-product-xml-feed-manager-for-woocommerce-2-9-2-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control Vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-16T13:49:04.884432Z", "id": "CVE-2025-30959", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-16T13:49:15.844Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30959", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-16T13:49:04.884432Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-16T13:49:09.526Z"}}], "cna": {"title": "WordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control Vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Tran Tuan Dung (domiee13) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WPFactory", "product": "Product XML Feed Manager for WooCommerce", "versions": [{"status": "affected", "changes": [{"at": "2.9.3", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "2.9.2"}], "packageName": "product-xml-feeds-for-woocommerce", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:27:20.595Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/product-xml-feeds-for-woocommerce/vulnerability/wordpress-product-xml-feed-manager-for-woocommerce-2-9-2-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.2.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:07:16.473Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30959", "state": "PUBLISHED", "dateUpdated": "2026-04-23T14:07:16.473Z", "dateReserved": "2025-03-26T09:22:20.466Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-07-16T11:28:08.195Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.2."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en WPFactory Product XML Feed Manager for WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al gestor de feeds XML de productos para WooCommerce desde la versi\u00f3n n/d hasta la 2.9.2."}], "id": "CVE-2025-30959", "lastModified": "2026-04-23T15:27:24.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-07-16T12:15:25.293", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/product-xml-feeds-for-woocommerce/vulnerability/wordpress-product-xml-feed-manager-for-woocommerce-2-9-2-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"created": "2026-04-30T16:45:26.128575+00:00", "updated": "2026-04-30T16:45:26.128589+00:00", "vendors": []}