VYPR

Product Feeds

by WordPress

CVEs (1)

  • CVE-2025-14037HigMar 21, 2026
    risk 0.53cvss 8.1epss 0.00

    The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. This makes it possible for…