What the vulnerability does
01Description
Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CTX Feed: from n/a through <= 6.6.18.
Explanation of Vulnerability in Simple Terms
02Summary
CTX Feed versions 6.6.18 and earlier lack proper authorization checks, allowing unauthenticated attackers to read sensitive data. An attacker can access information without logging in or requiring any special privileges. The vulnerability affects all versions from release through 6.6.18. A patched version has not been publicly identified.
What an attacker can do
03Attacker Capabilities
Read sensitive data without authentication.
Potential impact on your site
04Site Impact
Unauthorized users can access sensitive information exposed by CTX Feed without logging in.
Conditions required to exploit
05Prerequisites
Network access to the affected CTX Feed installation; no authentication required.
Key dates
06Disclosure timeline
January 22, 2026
CVE published
April 28, 2026
Record updated