Active Products Tables for WooCommerce. Professional products tables for WooCommerce store < 1.0.6.2 – Missing Authorization | CVE 2024-0797 | Plugin Vulnerabilities

Description

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use.

Affects Plugins

profit-products-tables-for-woocommerce

Fixed in 1.0.6.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

d96a3202-bb35-4fce-9d26-b8ddccd9d23f

Timeline

Publicly Published

2024-01-31 (about 2 years ago)

Added

2024-01-31 (about 2 years ago)

Last Updated

2024-01-31 (about 2 years ago)

Other

Published

Title

Published

2026-02-18

Title

Image Photo Gallery Final Tiles Grid < 3.6.11 - Missing Authorization

Published

2025-12-31

Title

Add Custom Codes < 5.0 - Missing Authorization

Published

2026-04-15

Title

Basic Google Maps Placemarks < 1.10.8 - Missing Authorization to Unauthenticated Default Map Coordinate Update

Published

2025-10-28

Title

Яндекс Доставка (Boxberry) <= 2.32 - Missing Authorization

Published

2024-05-09

Title

White Label CMS < 2.7.4 - Missing Authorization to Plugin Settings Reset