CVE-2022-1020

CVE-2022-1020: Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

Vendor Unknown
Product Product Table for WooCommerce (wooproducttable)
Weakness CWE-862 · Missing authorization
Published April 18, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument

Key dates

02Disclosure timeline

April 18, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-27906 Apache Airflow: Dag Code and Import Error Permissions Ignored CVE-2026-28408 WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php CVE-2023-36519 WordPress SW Product Bundles plugin <= 2.0.15 - Broken Access Control vulnerability CVE-2024-25912 WordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary WordPress Settings Change vulnerability CVE-2023-36510 WordPress ReDi Restaurant Reservation plugin <= 23.0211 - Broken Access Control vulnerability