3 matches found
WordPress WooCommerce <3.1.2 - Arbitrary Function Call
WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary...
CVE-2022-1020 Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...
CVE-2022-1020
CVE-2022-1020 affects the WordPress WooCommerce Product Table plugin prior to 3.1.2. The wpt_admin_update_notice_option AJAX action lacks proper authorization and CSRF checks and does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with none or ...