CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22307 – WordPress Product Table for WooCommerce plugin <= 3.5.6 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22307
06 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS.This issue affects Product Table for WooCommerce: from n/a through 3.5.6. The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ... • https://patchstack.com/database/wordpress/plugin/woo-product-table/vulnerability/wordpress-product-table-for-woocommerce-plugin-3-5-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2022-1020 – Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
https://notcve.org/view.php?id=CVE-2022-1020
22 Mar 2022 — The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument El plugin Product Table for WooCommerce (wooproducttable) de WordPress versiones anteriores a 3.1.2, no presen... • https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •