Executive Summary

CVE-2026-32443 is a Cross Site Request Forgery (CSRF) vulnerability found in the WordPress Product Feed PRO for WooCommerce plugin versions up to and including 13.5.2.

This vulnerability allows a malicious actor to trick higher privileged users into executing unwanted actions while they are authenticated. This can happen if the user clicks a malicious link, visits a crafted page, or submits a malicious form.

Exploitation requires user interaction and the involvement of a privileged user. The vulnerability is classified under OWASP Top 10 A1: Broken Access Control.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized actions being performed on your WooCommerce product feed plugin by an attacker, but only if a privileged user is tricked into interacting with malicious content.

While the vulnerability does not directly compromise confidentiality or availability, it can impact the integrity of your product feed data by allowing unauthorized modifications.

The CVSS score of 6.5 indicates moderate severity, but the exploitation complexity and requirement for user interaction reduce the overall risk.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability affects the Product Feed PRO for WooCommerce plugin versions up to and including 13.5.2. Detection involves identifying if this vulnerable plugin version is installed on your WordPress system.'}, {'type': 'paragraph', 'content': 'You can check the installed plugin version by running commands on your server or through the WordPress admin interface.'}, {'type': 'list_item', 'content': 'Using WP-CLI, run: wp plugin list | grep woo-product-feed-pro'}, {'type': 'list_item', 'content': 'Check the plugin version displayed and verify if it is less than or equal to 13.5.2.'}, {'type': 'list_item', 'content': "Alternatively, inspect the plugin's main file header or version.php file in the plugin directory."}, {'type': 'paragraph', 'content': 'There are no specific network commands or signatures mentioned for detecting exploitation attempts of this CSRF vulnerability.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary mitigation step is to update the Product Feed PRO for WooCommerce plugin to version 13.5.2.1 or later, where the vulnerability has been patched.'}, {'type': 'paragraph', 'content': "If immediate updating is not possible, consider restricting access to the plugin's administrative functions to trusted users only, to reduce the risk of CSRF exploitation."}, {'type': 'paragraph', 'content': 'Additionally, enabling security measures such as CSRF tokens, user interaction verification, and limiting user privileges can help mitigate the risk.'}, {'type': 'paragraph', 'content': "Using Patchstack's mitigation support or auto-update features for vulnerable plugins can also help maintain security."}] [1]

Useful 0 Not Useful 0