2 matches found
CVE-2022-1020 Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...
Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
The plugin does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...