CVE Vulnerability

CVE-2022-1020

The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-04-18 06:15

Updated : 2022-05-10 05:01

NVD link : CVE-2022-1020

Mitre link : CVE-2022-1020

Products Affected
No products.
CWE
CWE-352

CWE-862