WordPress Plugin Vulnerabilities

Active Products Tables for WooCommerce. Professional products tables for WooCommerce store < 1.0.6.2 - Cross-Site Request Forgery

Description

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

Plugin icon
profit-products-tables-for-woocommerce
Fixed in 1.0.6.2

References

CVE
CVE-2024-0796
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Verified
No
WPVDB ID
760f5cad-defb-48bd-ae29-1a5752fe9ba6

Timeline

Publicly Published
2024-01-31 (about 2 years ago)
Added
2024-01-31 (about 2 years ago)
Last Updated
2024-01-31 (about 2 years ago)

Other

Published
Title
Published
2024-12-11
Title
Amazon Product Price <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting
Published
2023-04-18
Title
Clock In Portal <= 2.2 - Holidays Deletion via CSRF
Published
2023-06-27
Title
Salon Booking System < 8.4.8 - User Role change via CSRF
Published
2026-01-23
Title
SurveyJS: Drag & Drop WordPress Form Builder < 2.5.3 - Cross-Site Request Forgery to Survey Creation
Published
2023-04-05
Title
YourChannel < 1.2.5 - Multiple CSRF