Dear @hichben
Thank you for bringing this to our attention and for sharing the report.
We take security matters very seriously. We are currently reviewing the reported issue regarding the missing capability check in CTX Feed versions up to 6.6.18, as referenced by Patchstack. Our development team has already started investigating the claim to verify the scope and impact of the reported behavior.
If the issue is confirmed, we will release a patched version as soon as possible and notify users immediately. We strongly encourage all users to keep the plugin updated and follow best security practices.
In the meantime, if you have specific details, proof of concept, or steps to reproduce the issue, we would greatly appreciate it if you could share them with us. This will help us address the matter more efficiently.
Thank you again for reporting this and helping us improve the security of CTX Feed.
Kind regards,
Hi
It was flagged by Wordfence as a “Critical issue” and it’s on the “Vulnerability Database” with Vulnerability Severity: 5.3/10.0 (Medium).
“The CTX Feed plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 6.6.18. This makes it possible for unauthenticated attackers to perform an unauthorized action.”
Here is the link:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/webappick-product-feed-for-woocommerce/ctx-feed-6618-missing-authorization
Dear @hichben
We are expecting to release a patched version today. Thank you for your patience while we roll it out.
Best regards,
Dear @hichben
A new version of CTX Feed has been released that addresses the issue. Please update the plugin to the latest version to resolve the problem.
Thank you,