cleantalk
Vulnerabilities and Security Researches

WooCommerce Product Table Lite, CVE-2024-10899

CVE, Research URL

CVE-2024-10899

Home page URL

Security reports for WooCommerce Product Table Lite

Application

WooCommerce Product Table Lite

Published on
Nov 20, 2024
Research Description
The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well.
Affected versions
max 3.8.7.
Status
vulnerable
Previous vulnerability researches
WooCommerce Product Table Lite (CVE-2024-6458) , Jul 28, 2024
WooCommerce Product Table Lite (CVE-2025-39602) , Apr 18, 2025
WooCommerce Product Table Lite (CVE-2023-47519) , Jun 07, 2024
WooCommerce Product Table Lite (1b0fdc4e-5f7b-4d95-b2a7-7e3954b759fa) , Jun 07, 2024
WooCommerce Product Table Lite (CVE-2026-2232) , Apr 15, 2026
New vulnerability
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX (CVE-2026-1273) , Apr 15, 2026
PDF Invoices & Packing Slips for WooCommerce (CVE-2026-1906) , Apr 15, 2026
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2026-4109) , Apr 15, 2026
User Submitted Posts – Enable Users to Submit Posts from the Front End (CVE-2026-2126) , Apr 15, 2026
User Submitted Posts – Enable Users to Submit Posts from the Front End (CVE-2026-0913) , Apr 15, 2026