CVE-2022-1020
published 2022-04-18


Priority: P1 (85)
CVSS 3.1: 9.8 critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploitation: exploited in the wild (ITW exploit); listed in VulnCheck KEV
EPSS: 26.23% (97.7th percentile)
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), and does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either no argument or one user-controlled argument.

Affected (1 range)

Vendor:        codeastrology
Product:       woo_product_table
Version range: < 3.1.2
Fixed in:      3.1.2

Detection & IOCs (extracted from sources)

yara (response-body regex): `WordPress WooCommerce PHP Version ([0-9.]+)`
  • The AJAX action `wpt_admin_update_notice_option` is accessible by unauthenticated users and does not validate the `callback` parameter, allowing arbitrary PHP function calls. Monitor for unauthenticated POST requests targeting this AJAX action.
  • Fingerprint digest associated with the nuclei/detection template for this CVE: 4a0a00473045022100d70b2f203f4d87582c67a3556d9eaeef980d3b5b7fbed3f0a5d86db908f4d2be0220150c83d52098b7d538ea02e029acb9ebf8566fd988c375bf0395c0c9d719e620:922c64590222798bb761d5b6d8e72950
  • The vulnerability affects Product Table for WooCommerce (wooproducttable) plugin versions before 3.1.2. The AJAX action is exploitable by unauthenticated users, meaning no session or authentication token is required to trigger arbitrary function calls.
  • The `callback` parameter accepts arbitrary function names with zero or one user-controlled argument, broadening the attack surface to any callable PHP function accessible in the WordPress context.
  • The detection template matches on the response body using the regex pattern for the WooCommerce PHP version string; this is a version-detection fingerprint and may produce false positives on patched installs if the version string is not updated.

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd            v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck               9.8    CRITICAL
cisa                    8.8    HIGH
vendor_redhat           5.5    MEDIUM