Remote Code Execution Vulnerability in Product Table plugin for WordPress
CVE-2024-6365
9.8CRITICAL
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 July 2024
What is CVE-2024-6365?
The WBW Product Table plugin for WordPress is exposed to a Remote Code Execution vulnerability, allowing unauthorized users to execute arbitrary code on the server. This vulnerabilities stem from the 'saveCustomTitle' function, which lacks necessary authorization checks and sanitization processes for data inputs, particularly in the languages/customTitle.php file. Attackers can exploit this flaw to compromise the server's integrity, emphasizing the need for immediate updates and security measures for all installations of version 2.0.1 and prior.
Affected Version(s)
Product Table for WooCommerce by WBW 0 <= 2.0.1