Vulnerability Description
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), and does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user-controlled argument.
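The description names three separate defects: no CSRF check (nonce), no authorisation check (capability), and a request parameter that selects which function is called. In WordPress, an AJAX action reaches unauthenticated users only when it is hooked on wp_ajax_nopriv_; hooking it on wp_ajax_ alone restricts it to logged-in users. The following handler is an added example written here to show the hardened pattern; it is not the plugin's code, and every name with the example_ prefix, the option keys and the nonce action string are hypothetical. It updates a notice option through an allow-list instead of accepting a callback parameter.

```php
<?php
// Added example (not the plugin's code): a hardened admin-ajax handler that
// updates a dismissible notice option without calling user-supplied callbacks.
// All names below (example_ prefix, option keys, nonce action) are hypothetical.

// Register for logged-in users only: no wp_ajax_nopriv_ hook, so anonymous
// requests get WordPress's default "0" response instead of reaching the handler.
add_action( 'wp_ajax_example_update_notice_option', 'example_update_notice_option' );

// Allow-list of notice options this endpoint may touch, and the values each accepts.
const EXAMPLE_NOTICE_OPTIONS = array(
    'example_notice_dismissed' => array( 'yes', 'no' ),
    'example_notice_snoozed'   => array( '7', '30' ),
);

function example_update_notice_option() {
    // 1. CSRF: require a nonce issued for this action (dies with 403 on failure).
    check_ajax_referer( 'example_update_notice_option', 'nonce' );

    // 2. Authorisation: only users who may manage options can change admin notices.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input validation: option name and value must both be on the allow-list.
    //    No "callback" parameter exists, so no user-chosen function is ever invoked.
    $option = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    $value  = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';

    if ( ! isset( EXAMPLE_NOTICE_OPTIONS[ $option ] )
        || ! in_array( $value, EXAMPLE_NOTICE_OPTIONS[ $option ], true ) ) {
        wp_send_json_error( array( 'message' => 'invalid option or value' ), 400 );
    }

    update_option( $option, $value );
    wp_send_json_success( array( 'option' => $option, 'value' => $value ) );
}

// The nonce is generated server-side and handed to the admin page's script,
// which must send it back as the "nonce" POST field.
function example_enqueue_notice_script() {
    wp_enqueue_script( 'example-notice', plugins_url( 'notice.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-notice', 'exampleNotice', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_update_notice_option' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_notice_script' );
```

When reviewing a plugin for this class of issue, look at each wp_ajax_nopriv_ hook and confirm its handler calls check_ajax_referer (or wp_verify_nonce) and a current_user_can check before any state change, and that nothing from $_GET, $_POST or $_REQUEST is passed to call_user_func, call_user_func_array or a variable function call.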
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codeastrology | Woo Product Table | < 3.1.2 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-1020?
CVE-2022-1020 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unaut...
How severe is CVE-2022-1020?
CVE-2022-1020 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-1020?
Check the references section above for vendor advisories and patch information. Affected products include: Codeastrology Woo Product Table.