Unrated severity · NVD Advisory · Published Apr 18, 2022 · Updated Aug 2, 2024
Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
CVE-2022-1020
Description
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not perform authorisation or CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), and does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either no argument or one user-controlled argument.
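The three checks the description names as missing (authorisation, CSRF, callback validation) are shown below in a WordPress AJAX handler. This is an added example, not the plugin's code or its 3.1.2 patch; every `example_*` name, the `nonce` and `notice_id` fields, and the `manage_options` capability choice are assumptions made for illustration.

```php
<?php
// Added illustration with hypothetical names; not taken from the plugin.

// Allowlist: a request-supplied key maps to a fixed, known handler.
// The request never names a PHP function directly.
function example_notice_callbacks() {
    return array(
        'dismiss_notice' => 'example_dismiss_notice',
    );
}

// The only operation this endpoint is meant to perform.
function example_dismiss_notice( $notice_id ) {
    update_option( 'example_dismissed_' . sanitize_key( $notice_id ), 1 );
}

function example_admin_update_notice_option() {
    // CSRF check: the 'nonce' field must match the nonce issued with the
    // admin page. check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'example_notice_nonce', 'nonce' );

    // Authorisation check: only administrators may change notice options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Callback validation: accept only keys present in the allowlist.
    $key = isset( $_POST['callback'] )
        ? sanitize_key( wp_unslash( $_POST['callback'] ) )
        : '';
    $allowed = example_notice_callbacks();
    if ( ! isset( $allowed[ $key ] ) ) {
        wp_send_json_error( 'unknown callback', 400 );
    }

    // The single argument is normalised before it reaches the handler.
    $arg = isset( $_POST['notice_id'] )
        ? sanitize_key( wp_unslash( $_POST['notice_id'] ) )
        : '';
    call_user_func( $allowed[ $key ], $arg );
    wp_send_json_success();
}

// Registered for logged-in users only: there is no wp_ajax_nopriv_ hook,
// so unauthenticated requests never reach the handler.
add_action( 'wp_ajax_example_admin_update_notice_option', 'example_admin_update_notice_option' );
```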
Affected products
- (no CPE)
- (no CPE), range: <3.1.2
References
- wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5 (mitre, x_refsource_MISC)