cleantalk
Vulnerabilities and Security Researches

WooCommerce Product Table Lite, CVE-2024-6458

CVE, Research URL

CVE-2024-6458

Home page URL

Security reports for WooCommerce Product Table Lite

Application

WooCommerce Product Table Lite

Published on
Jul 27, 2024
Research Description
The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcpt_presets__duplicate_preset_to_table function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with subscriber access and above to change titles of arbitrary posts. Missing sanitization can lead to Stored Cross-Site Scripting when viewed by an admin via the WooCommerce Product Table.
Affected versions
Min -, max 3.8.6.
Status
vulnerable
Previous vulnerability researches
WooCommerce Product Table Lite (CVE-2024-6458) , Jul 28, 2024
WooCommerce Product Table Lite (CVE-2025-39602) , Apr 18, 2025
WooCommerce Product Table Lite (CVE-2023-47519) , Jun 07, 2024
WooCommerce Product Table Lite (1b0fdc4e-5f7b-4d95-b2a7-7e3954b759fa) , Jun 07, 2024
WooCommerce Product Table Lite (CVE-2024-13472) , Feb 02, 2025
New vulnerability
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025