CVE-2025-39602

Vulnerability

The WooCommerce Product Table Lite plugin (formerly WooCommerce Product Table Lite) for WordPress contains a missing authorization vulnerability in versions up to and including 3.9.5. The plugin fails to properly verify access control security levels, allowing exploitation of incorrectly configured access controls. This affects the wc-product-table-lite plugin as described in the CVE description.

Exploitation

An attacker with network access to the WordPress site can exploit this vulnerability without requiring authentication or elevated privileges. The exact attack vector is not detailed in the available reference, but the missing authorization likely allows direct access to administrative functions or data that should be restricted. The attacker could send crafted requests to vulnerable endpoints to bypass access controls.

Impact

Successful exploitation could lead to unauthorized access to sensitive information or functionality within the plugin. This may include viewing or modifying product table configurations, accessing private data, or performing actions reserved for higher-privileged users. The impact is limited by the plugin's scope but could compromise the confidentiality and integrity of WooCommerce product data.

Mitigation

The vendor has released version 5.0.5 of the plugin, which is the latest version as of the reference [1]. Users should update to version 5.0.5 or later to address this vulnerability. No workarounds are provided in the available references. If unable to update, consider disabling the plugin until a patch can be applied.