Browse all 4 CVE security advisories affecting wcproducttable. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wcproducttable is a WordPress plugin designed to manage product tables for e-commerce sites. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin's handling of user input and insufficient sanitization have led to several CVEs, allowing attackers to execute arbitrary code, inject malicious scripts, or gain elevated access. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities in input validation and access controls makes it a notable concern for WordPress site administrators using e-commerce functionality.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2232 | Product Table and List Builder for WooCommerce Lite <= 4.6.2 - Unauthenticated Time-Based SQL Injection via 'search' Parameter — Product Table and List Builder for WooCommerce LiteCWE-89 | 7.5 | High | 2026-02-19 |
| CVE-2024-13472 | WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting — Product Table and List Builder for WooCommerce LiteCWE-94 | 7.3 | High | 2025-01-31 |
| CVE-2024-10899 | WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting — Product Table and List Builder for WooCommerce LiteCWE-94 | 7.3 | High | 2024-11-20 |
| CVE-2024-6458 | WooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting — Product Table and List Builder for WooCommerce LiteCWE-862 | 6.4 | Medium | 2024-07-27 |
This page lists every published CVE security advisory associated with wcproducttable. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.