Vulnerabilities and security researches forwc-product-table-lite wc-product-table-lite

Jun 07, 2024

CVE, Research URL: CVE-2023-47519
Home page URL: Security reports for WooCommerce Product Table Lite
Application: WooCommerce Product Table Lite
Date: Nov 19, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite.This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2.
Affected versions: max 3.1.0.
Status: vulnerable

CVE, Research URL: 1b0fdc4e-5f7b-4d95-b2a7-7e3954b759fa
Home page URL: Security reports for WooCommerce Product Table Lite
Application: WooCommerce Product Table Lite
Date: -
Research Description: Product Table and List Builder for WooCommerce Lite [wc-product-table-lite] < 2.4.0 WooCommerce Product Table Lite < 2.4.0 - Reflected Cross-Site Scripting The plugin does not escape the price_range_min and price_range_max parameters before outputting them back in attributes, leading a Reflected Cross-Site Scripting issue
Affected versions: max 2.4.0.
Status: vulnerable

Jul 28, 2024

CVE, Research URL: CVE-2024-6458
Home page URL: Security reports for WooCommerce Product Table Lite
Application: WooCommerce Product Table Lite
Date: Jul 27, 2024
Research Description: The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcpt_presets__duplicate_preset_to_table function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with subscriber access and above to change titles of arbitrary posts. Missing sanitization can lead to Stored Cross-Site Scripting when viewed by an admin via the WooCommerce Product Table.
Affected versions: max 3.8.6.
Status: vulnerable

Aug 12, 2024

CVE, Research URL: CVE-2024-43128
Home page URL: Security reports for WooCommerce Product Table Lite
Application: WooCommerce Product Table Lite
Date: Aug 13, 2024
Research Description: Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1.
Affected versions: max 3.8.6.
Status: vulnerable

Nov 21, 2024

CVE, Research URL: CVE-2024-10899
Home page URL: Security reports for WooCommerce Product Table Lite
Application: WooCommerce Product Table Lite
Date: Nov 20, 2024
Research Description: The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well.
Affected versions: max 3.8.7.
Status: vulnerable

Jan 26, 2025

CVE, Research URL: CVE-2025-24596
Home page URL: Security reports for WooCommerce Product Table Lite
Application: WooCommerce Product Table Lite
Date: Jan 24, 2025
Research Description: Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.8.7.
Affected versions: max 3.9.0.
Status: vulnerable

Feb 02, 2025

CVE, Research URL: CVE-2024-13472
Home page URL: Security reports for WooCommerce Product Table Lite
Application: WooCommerce Product Table Lite
Date: Jan 31, 2025
Research Description: The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'sc_attrs' parameter is vulnerable to Reflected Cross-Site Scripting as well.
Affected versions: max 3.9.5.
Status: vulnerable

Apr 18, 2025

CVE, Research URL: CVE-2025-39602
Home page URL: Security reports for WooCommerce Product Table Lite
Application: WooCommerce Product Table Lite
Date: Apr 16, 2025
Research Description: Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.9.5.
Affected versions: max 3.9.6.
Status: vulnerable

Apr 15, 2026

CVE, Research URL: CVE-2026-2232
Home page URL: Security reports for WooCommerce Product Table Lite
Application: WooCommerce Product Table Lite
Date: Feb 19, 2026
Research Description: The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 4.6.3.
Status: vulnerable

CVE, Research URL: CVE-2026-34902
Home page URL: Security reports for WooCommerce Product Table Lite
Application: WooCommerce Product Table Lite
Date: -
Research Description: Product Table and List Builder for WooCommerce Lite [wc-product-table-lite] < 4.6.4 CVE-2026-34902
Affected versions: max 4.6.4.
Status: vulnerable