The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wcproducttable woocommerce Product Table
|
|
CPEs | cpe:2.3:a:wcproducttable:woocommerce_product_table:*:*:*:*:lite:wordpress:*:* | |
Vendors & Products |
Wcproducttable woocommerce Product Table
|
Wed, 20 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wcproducttable
Wcproducttable woocommerce Product Table Lite |
|
CPEs | cpe:2.3:a:wcproducttable:woocommerce_product_table_lite:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Wcproducttable
Wcproducttable woocommerce Product Table Lite |
|
Metrics |
ssvc
|
Wed, 20 Nov 2024 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well. | |
Title | WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting | |
Weaknesses | CWE-94 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-11-20T06:42:56.080Z
Updated: 2024-11-20T20:24:29.071Z
Reserved: 2024-11-05T19:15:21.504Z
Link: CVE-2024-10899
Vulnrichment
Updated: 2024-11-20T20:24:22.890Z
NVD
Status : Analyzed
Published: 2024-11-20T07:15:08.260
Modified: 2024-11-26T21:01:21.643
Link: CVE-2024-10899
Redhat
No data.