CRITICAL🇵🇱 Wersja polska

CVE-2022-1020

CVSS 9.8v3.1pub. 2022-04-18upd. 2024-11-21

The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Codeastrology Woo Product Table

    APP
    Codeastrology
    < 3.1.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-10813MEDIUM5.3ten sam produkt

The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to...

CVE-2024-10696MEDIUM4.3ten sam vendor

The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, A...

CVE-2024-4866MEDIUM6.4ten sam vendor

The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, A...

CVE-2024-37554MEDIUM6.5ten sam vendor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful I...

CVE-2023-48768MEDIUM4.3ten sam vendor

Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommer...