Woocommerce Product Table Lite
Monthly
Reflected/stored cross-site scripting in the WooCommerce Product Table Lite WordPress plugin (versions ≤ 4.6.3) allows remote unauthenticated attackers to inject malicious JavaScript that executes in a victim's browser when they interact with a crafted link or page. Successful exploitation can lead to session hijacking, credential theft, or administrative actions performed in the context of an authenticated WordPress user, including site administrators. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, but the unauthenticated attack surface combined with WordPress's broad install base makes this a meaningful risk for sites running the plugin.
Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Reflected/stored cross-site scripting in the WooCommerce Product Table Lite WordPress plugin (versions ≤ 4.6.3) allows remote unauthenticated attackers to inject malicious JavaScript that executes in a victim's browser when they interact with a crafted link or page. Successful exploitation can lead to session hijacking, credential theft, or administrative actions performed in the context of an authenticated WordPress user, including site administrators. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, but the unauthenticated attack surface combined with WordPress's broad install base makes this a meaningful risk for sites running the plugin.
Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.