CVE-2026-34902
Description
Unauthenticated XSS in WooCommerce Product Table Lite <=4.6.3 allows attackers to inject scripts, potentially affecting site visitors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated XSS in WooCommerce Product Table Lite <=4.6.3 allows attackers to inject scripts, potentially affecting site visitors.
Vulnerability
The vulnerability is an unauthenticated Cross-Site Scripting (XSS) in the WordPress plugin WooCommerce Product Table Lite versions up to 4.6.3. The plugin fails to properly sanitize input, allowing injection of arbitrary JavaScript. [1]
Exploitation
An attacker can exploit this without authentication by crafting a malicious URL or submitting a form that triggers the XSS. However, successful exploitation may require a privileged user (e.g., admin) to perform an action such as clicking a link, as noted in the reference. [1]
Impact
Successful exploitation allows an attacker to inject malicious scripts, which can be used to redirect visitors, display advertisements, or steal sensitive information. The impact is limited to the context of the site, affecting visitors when injected scripts execute. [1]
Mitigation
The vulnerability is fixed in version 4.6.4. Users are advised to update immediately. The Patchstack platform offers mitigation rules to block attacks until update is applied. [1]
AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=4.6.3
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.