CVE-2025-49287

{"id": "CVE-2025-49287", "cveTags": [], "metrics": {}, "published": "2025-06-06T13:15:44.457", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/webtoffee-product-feed/vulnerability/wordpress-product-feed-for-woocommerce-2-2-8-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Feed for WooCommerce: from n/a through <= 2.2.8."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en WebToffee Product Feed for WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al feed de productos para WooCommerce desde n/d hasta la versi\u00f3n 2.2.8."}], "lastModified": "2026-04-01T17:24:59.687", "sourceIdentifier": "audit@patchstack.com"}