CVE-2022-1916
published 2022-06-27


Priority: P2 79 · Severity: medium · CVSS 3.1 base score: 6.1
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Tags: ITW · EXPLOIT · VulnCheck KEV (Exploited in the wild)
EPSS: 1.83% (76.2nd percentile)
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting.

Affected (1 range)

Vendor    Product  Version range  Fixed in
pluginus  woot     < 1.0.5        1.0.5

Detection & IOCs (extracted from sources)

IOC (other): alert(document.domain)
IOC (yara): words: ['woot-content-in-popup', 'woot-system', 'woot-table'] condition: or
  • Reflected XSS payload appears in the HTTP response body of an AJAX action endpoint; look for the XSS probe string 'alert(document.domain)' in response bodies from WooCommerce AJAX handlers.
  • Detect exploitation attempts by matching response body for any of the plugin-specific CSS class strings: 'woot-content-in-popup', 'woot-system', or 'woot-table' combined with XSS payload indicators.
  • The vulnerable AJAX action is accessible to both unauthenticated and authenticated users — monitor all wp-admin/admin-ajax.php requests (not just authenticated sessions) for unsanitised parameter reflection.
  • Confirmed exploitation responses return HTTP 200 with Content-Type text/html; filter on this combination alongside the woot-* body strings.
  • Vulnerability is only present in plugin versions before 1.0.5; ensure version fingerprinting is part of any detection or triage workflow.

CVSS provenance

NVD (CVSS v3.1): 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD (CVSS v2.0): 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
VulnCheck: 6.1 MEDIUM