CVE-2024-0797

Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Missing Authorization

CVSS 4.3 MEDIUMEPSS 0.4%CWE-862

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Productos afectados

realmag777 · Active Products Tables for WooCommerce. Use constructor to create tables

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk https://www.wordfence.com/threat-intel/vulnerabilities/id/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=cve