← back
CVE-2024-43918

WordPress WBW Product Table PRO plugin <= 1.9.4 - Unauthenticated Arbitrary SQL Query Execution vulnerability

CVSS 10 CRITICALEPSS 1.5%CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
WBW · WBW Product Table PRO
public PoCs found1
githubgithub.com/KTN1990/CVE-2024-439183
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://patchstack.com/database/vulnerability/woo-producttables-pro/wordpress-wbw-product-table-pro-plugin-1-9-4-unauthenticated-arbitrary-sql-query-execution-vulnerability?_s_id=cve