7 matches found
CVE-2022-1916
CVE-2022-1916 concerns the WordPress plugin “Active Products Tables for WooCommerce” (prior to v1.0.5). The vulnerability is a reflected cross-site scripting (XSS) flaw caused by the plugin not sanitizing/escaping a parameter before echoing it in the response of an AJAX action. This action is acc...
CVE-2023-51480
CVE-2023-51480 affects the WordPress plugin “Active Products Tables for WooCommerce” (Professional/Profit Products Tables). The vulnerability is a Cross‑Site Scripting (Stored XSS) due to improper neutralization of input during web page generation. It lists affected versions as
CVE-2024-0797
CVE-2024-0797 affects the WordPress plugin “Active Products Tables for WooCommerce” (Profit-Products-Tables-for-WooCommerce). The vulnerability is due to missing capability checks in several functions, allowing subscribers (and higher) to access admin-only functionality in all versions up to and ...
CVE-2024-35730
CVE-2024-35730: Reflected XSS in Active Products Tables for WooCommerce (real mag777). Affected: Active Products Tables for WooCommerce
CVE-2024-10168
CVE-2024-10168 affects the WordPress plugin “Active Products Tables for WooCommerce. Use constructor to create tables”, which is vulnerable to Stored Cross-Site Scripting via the woot_button shortcode in all versions up to 1.0.6.4. Root cause: insufficient input sanitization and output escaping on user-...
CVE-2023-51505
CVE-2023-51505 describes a deserialization of untrusted data vulnerability in the WordPress plugin Active Products Tables for WooCommerce (Profit-Products-Tables-for-WooCommerce). The issue affects the plugin’s Professional/Active Products Tables for WooCommerce store extension from an unknown s...
CVE-2024-0796
CVE-2024-0796: Active Products Tables for WooCommerce (Profit-Products-Tables for WooCommerce) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation on AJAX actions. Affected versions are up to and including 1.0.6.1; exploitation requires an unauthenticated attacke...