cleantalk
Vulnerabilities and Security Researches

WooCommerce Product Table Lite, CVE-2026-2232

CVE, Research URL

CVE-2026-2232

Home page URL

Security reports for WooCommerce Product Table Lite

Application

WooCommerce Product Table Lite

Published on
Feb 19, 2026
Research Description
The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 4.6.3.
Status
vulnerable
Previous vulnerability researches
WooCommerce Product Table Lite (CVE-2024-6458) , Jul 28, 2024
WooCommerce Product Table Lite (CVE-2025-39602) , Apr 18, 2025
WooCommerce Product Table Lite (CVE-2023-47519) , Jun 07, 2024
WooCommerce Product Table Lite (1b0fdc4e-5f7b-4d95-b2a7-7e3954b759fa) , Jun 07, 2024
WooCommerce Product Table Lite (CVE-2026-2232) , Apr 15, 2026
New vulnerability
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX (CVE-2026-1273) , Apr 15, 2026
PDF Invoices & Packing Slips for WooCommerce (CVE-2026-1906) , Apr 15, 2026
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2026-4109) , Apr 15, 2026
User Submitted Posts – Enable Users to Submit Posts from the Front End (CVE-2026-2126) , Apr 15, 2026
User Submitted Posts – Enable Users to Submit Posts from the Front End (CVE-2026-0913) , Apr 15, 2026