{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-3499/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-3499"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["wordpress","woocommerce","csrf","cve-2026-3499"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin, a WordPress plugin, suffers from a Cross-Site Request Forgery (CSRF) vulnerability. Present in versions 13.4.6 through 13.5.2.1, this flaw allows unauthenticated attackers to execute administrative functions if they can successfully coerce a site administrator into performing an action, such as clicking a specially crafted link. The vulnerability stems from the plugin\u0026rsquo;s failure to implement proper nonce validation on several AJAX actions, including \u003ccode\u003eajax_migrate_to_custom_post_type\u003c/code\u003e, \u003ccode\u003eajax_adt_clear_custom_attributes_product_meta_keys\u003c/code\u003e, \u003ccode\u003eajax_update_file_url_to_lower_case\u003c/code\u003e, \u003ccode\u003eajax_use_legacy_filters_and_rules\u003c/code\u003e, and \u003ccode\u003eajax_fix_duplicate_feed\u003c/code\u003e. This vulnerability poses a significant risk to WooCommerce store owners using the affected plugin.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious URL containing a request to one of the vulnerable AJAX actions (e.g., \u003ccode\u003eajax_migrate_to_custom_post_type\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious URL via email, social media, or another channel, attempting to trick a WordPress administrator into clicking the link.\u003c/li\u003e\n\u003cli\u003eThe administrator, while authenticated to the WordPress admin panel, clicks the malicious link.\u003c/li\u003e\n\u003cli\u003eThe administrator\u0026rsquo;s browser sends the forged request to the WordPress server, including the administrator\u0026rsquo;s session cookies.\u003c/li\u003e\n\u003cli\u003eDue to the missing or incorrect nonce validation, the WordPress server processes the request as if it were a legitimate action performed by the administrator.\u003c/li\u003e\n\u003cli\u003eDepending on the specific AJAX action targeted, the attacker can trigger feed migration, clear custom attribute caches, rewrite feed file URLs to lowercase, toggle legacy filter and rule settings, or delete duplicate feed posts.\u003c/li\u003e\n\u003cli\u003eThe attacker repeats this process to perform other administrative actions, gaining control over the plugin\u0026rsquo;s settings and data.\u003c/li\u003e\n\u003cli\u003eThe attacker potentially manipulates product feeds to inject malicious content, redirect users, or compromise the WooCommerce store\u0026rsquo;s SEO.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this CSRF vulnerability (CVE-2026-3499) could allow an attacker to manipulate a WooCommerce store\u0026rsquo;s product feeds, potentially leading to data corruption, SEO poisoning, or the injection of malicious content. If successful, attackers could modify product information, redirect users to phishing sites, or damage the store\u0026rsquo;s reputation. The severity of the impact depends on the targeted AJAX action, but the potential for unauthorized administrative control is significant. Given the wide usage of WooCommerce and the Product Feed PRO plugin, a large number of online stores are potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Product Feed PRO for WooCommerce plugin to a patched version greater than 13.5.2.1 to remediate CVE-2026-3499.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rules to your SIEM to detect exploitation attempts targeting the vulnerable AJAX actions.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to block requests to the vulnerable AJAX endpoints originating from suspicious referrers.\u003c/li\u003e\n\u003cli\u003eEducate WordPress administrators on the risks of CSRF attacks and the importance of verifying links before clicking them.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T02:16:04Z","date_published":"2026-04-08T02:16:04Z","id":"/briefs/2026-04-woocommerce-csrf/","summary":"The Product Feed PRO for WooCommerce WordPress plugin (versions 13.4.6-13.5.2.1) is vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing unauthenticated attackers to perform administrative actions by tricking an administrator into clicking a malicious link.","title":"Product Feed PRO for WooCommerce Plugin CSRF Vulnerability (CVE-2026-3499)","url":"https://feed.craftedsignal.io/briefs/2026-04-woocommerce-csrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-3499","version":"https://jsonfeed.org/version/1.1"}