Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for woo_product_table by codeastrology

    CVE-2024-10813 (GCVE-0-2024-10813)

    Vulnerability from nvd – Published: 2024-11-23 03:25 – Updated: 2026-04-08 17:30
    VLAI
    Title
    Product Table for WooCommerce by CodeAstrology (wooproducttable.com) <= 3.5.1 - Information Exposure
    Summary
    The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    codersaiful Product Table for WooCommerce Affected: 0 , ≤ 3.5.1 (semver)
    Create a notification for this product.
    codeastrology woo_product_table Affected: 0 , ≤ 3.5.1 (semver)
        cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Nathaniel Oh
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "woo_product_table",
                "vendor": "codeastrology",
                "versions": [
                  {
                    "lessThanOrEqual": "3.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10813",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T19:37:27.342127Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T19:39:46.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Product Table for WooCommerce",
              "vendor": "codersaiful",
              "versions": [
                {
                  "lessThanOrEqual": "3.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nathaniel Oh"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:30:12.719Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e67f680a-8942-45fa-8458-a27c78045aa1?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-product-table/trunk/inc/shortcode-base.php"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3195719/woo-product-table/trunk/inc/shortcode-base.php?contextall=1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-22T15:10:18.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Product Table for WooCommerce by CodeAstrology (wooproducttable.com) \u003c= 3.5.1 - Information Exposure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-10813",
        "datePublished": "2024-11-23T03:25:51.400Z",
        "dateReserved": "2024-11-04T18:36:39.335Z",
        "dateUpdated": "2026-04-08T17:30:12.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-1020 (GCVE-0-2022-1020)

    Vulnerability from nvd – Published: 2022-04-18 17:10 – Updated: 2024-08-02 23:47
    Title
    Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
    Summary
    The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument
    Severity
    No CVSS data available.
    CWE
    • CWE-862 - Missing Authorization
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Product Table for WooCommerce (wooproducttable) Affected: 3.0.2 , < 3.0.2* (custom)
    Affected: 3.1.2 , < 3.1.2 (custom)
    Create a notification for this product.
    Credits
    Mark Costlow
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Product Table for WooCommerce (wooproducttable)",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.0.2*",
                  "status": "affected",
                  "version": "3.0.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.2",
                  "status": "affected",
                  "version": "3.1.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mark Costlow"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-18T17:10:44.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Woo Product Table \u003c 3.1.2 - Unauthenticated Arbitrary Function Call",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1020",
              "STATE": "PUBLIC",
              "TITLE": "Woo Product Table \u003c 3.1.2 - Unauthenticated Arbitrary Function Call"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Product Table for WooCommerce (wooproducttable)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_name": "3.0.2",
                                "version_value": "3.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.1.2",
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Mark Costlow"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1020",
        "datePublished": "2022-04-18T17:10:44.000Z",
        "dateReserved": "2022-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10813 (GCVE-0-2024-10813)

    Vulnerability from cvelistv5 – Published: 2024-11-23 03:25 – Updated: 2026-04-08 17:30
    VLAI
    Title
    Product Table for WooCommerce by CodeAstrology (wooproducttable.com) <= 3.5.1 - Information Exposure
    Summary
    The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    codersaiful Product Table for WooCommerce Affected: 0 , ≤ 3.5.1 (semver)
    Create a notification for this product.
    codeastrology woo_product_table Affected: 0 , ≤ 3.5.1 (semver)
        cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Nathaniel Oh
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "woo_product_table",
                "vendor": "codeastrology",
                "versions": [
                  {
                    "lessThanOrEqual": "3.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10813",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T19:37:27.342127Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T19:39:46.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Product Table for WooCommerce",
              "vendor": "codersaiful",
              "versions": [
                {
                  "lessThanOrEqual": "3.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nathaniel Oh"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:30:12.719Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e67f680a-8942-45fa-8458-a27c78045aa1?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-product-table/trunk/inc/shortcode-base.php"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3195719/woo-product-table/trunk/inc/shortcode-base.php?contextall=1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-22T15:10:18.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Product Table for WooCommerce by CodeAstrology (wooproducttable.com) \u003c= 3.5.1 - Information Exposure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-10813",
        "datePublished": "2024-11-23T03:25:51.400Z",
        "dateReserved": "2024-11-04T18:36:39.335Z",
        "dateUpdated": "2026-04-08T17:30:12.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-1020 (GCVE-0-2022-1020)

    Vulnerability from cvelistv5 – Published: 2022-04-18 17:10 – Updated: 2024-08-02 23:47
    Title
    Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
    Summary
    The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument
    Severity
    No CVSS data available.
    CWE
    • CWE-862 - Missing Authorization
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Product Table for WooCommerce (wooproducttable) Affected: 3.0.2 , < 3.0.2* (custom)
    Affected: 3.1.2 , < 3.1.2 (custom)
    Create a notification for this product.
    Credits
    Mark Costlow
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Product Table for WooCommerce (wooproducttable)",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.0.2*",
                  "status": "affected",
                  "version": "3.0.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.2",
                  "status": "affected",
                  "version": "3.1.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mark Costlow"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-18T17:10:44.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Woo Product Table \u003c 3.1.2 - Unauthenticated Arbitrary Function Call",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1020",
              "STATE": "PUBLIC",
              "TITLE": "Woo Product Table \u003c 3.1.2 - Unauthenticated Arbitrary Function Call"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Product Table for WooCommerce (wooproducttable)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_name": "3.0.2",
                                "version_value": "3.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.1.2",
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Mark Costlow"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1020",
        "datePublished": "2022-04-18T17:10:44.000Z",
        "dateReserved": "2022-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }