VYPR
Unrated severityNVD Advisory· Published Apr 18, 2022· Updated Aug 2, 2024

Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

CVE-2022-1020

Description

The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.