What the vulnerability does
Description
Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce. This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Product Table For WooCommerce versions up to 1.2.4 contain a deserialization vulnerability that allows authenticated attackers to execute arbitrary code on the site. The plugin unsafely processes serialized data without proper validation, enabling an attacker with low-level access to inject malicious PHP code. This affects confidentiality, integrity, and availability of the entire WordPress installation.
What an attacker can do
Run arbitrary PHP code on the site and take full control of the WordPress installation.
Potential impact on your site
Complete compromise of the WordPress site, including data theft, malware injection, and site defacement.
Conditions required to exploit
Attacker must have a low-privilege WordPress account (subscriber or above) and network access to the site.
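To check whether an installation falls in the affected range stated above (through 1.2.4), the following added example, which is not code from the plugin or from this advisory, reads the version from the plugin header under a `wp-content/plugins` directory. The main file name is not given on this page, so every top-level PHP file is inspected; the sample plugin tree built by `make_sample` is constructed.

```python
import re
import tempfile
from pathlib import Path

SLUG = "product-table-for-woocommerce"  # plugin slug from the advisory
LAST_AFFECTED = (1, 2, 4)               # advisory: affected through <= 1.2.4

# WordPress takes "Version: x.y.z" from the comment header of the main plugin file.
HEADER_RE = re.compile(rb"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)

def parse_version(text):
    """Turn '1.2.4' or '1.2.4-beta' into a comparable tuple of its numeric parts."""
    parts = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))

def installed_version(plugins_dir):
    """Return the plugin's version string under plugins_dir, or None if absent."""
    plugin_dir = Path(plugins_dir) / SLUG
    if not plugin_dir.is_dir():
        return None
    # Assumption: the main file sits at the top level of the plugin directory.
    # WordPress only scans the first 8 KiB of a file for header fields.
    for php in sorted(plugin_dir.glob("*.php")):
        with php.open("rb") as fh:
            head = fh.read(8192)
        if b"Plugin Name:" in head:
            m = HEADER_RE.search(head)
            if m:
                return m.group(1).decode("ascii", "replace")
    return None

def check(plugins_dir):
    """Classify one wp-content/plugins directory against the advisory range."""
    version = installed_version(plugins_dir)
    if version is None:
        return "not-installed"
    return "affected" if parse_version(version) <= LAST_AFFECTED else "not-in-range"

def make_sample(version):
    """Constructed sample: a temporary plugins directory with a fake plugin header."""
    root = Path(tempfile.mkdtemp())
    d = root / SLUG
    d.mkdir()
    (d / "plugin.php").write_text(f"<?php\n/*\n * Plugin Name: Sample\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    for v in ("1.2.4", "1.3.0"):
        print(v, check(make_sample(v)))
```

Point `check()` at the real `wp-content/plugins` path of each site; `not-in-range` only means the version is above 1.2.4, since this page does not name a fixed release.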