CVE-2024-10899 – The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary …

20 November 2024

Vuln ID: CVE-2024-10899

Published: 2024-11-20 07:15:08.260

Description: The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same ‘id’ parameter is vulnerable to Reflected Cross-Site Scripting as well.

Base Score: 7.3 – HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Source: NVD.NIST.GOV

Date:

20 November 2024

Categorie(s):

NVD

Tag(s):

NVD

Zitadel raises $9 million to accelerate product development21 November 2024
Actfore TRACE reduces keystrokes and expedites data extraction21 November 2024
Google’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects21 November 2024
Best practices for preparing your organization for cybersecurity incidents21 November 2024
5 best Instagram private profile viewers without knowing21 November 2024