Code Injection Vulnerability in WC Product Table Lite
CVE-2024-43128

7.3HIGH

Key Information:

Vendor: WordPress
Status: WooCommerce Product Table Lite
Vendor: CVE Published:; 13 August 2024

What is CVE-2024-43128?

A code injection vulnerability exists in the WooCommerce Product Table Lite plugin, allowing attackers to inject malicious code. This affects all versions from n/a through 3.5.1, compromising the integrity of the affected systems. Proper validation of user input is essential to prevent unauthorized code execution, which can lead to severe consequences for the security of installations relying on this plugin.

Affected Version(s)

WooCommerce Product Table Lite <= 3.5.1

References

https://patchstack.com/database/vulnerability/wc-product-...

vdb-entry

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Aug 7, 2024

Credit

stealthcopter (Patchstack Alliance)