Mark Costlow

Rank #26130 of 53,634 · Total CVSS 9.8

Vulnerabilities · 1

PT-2022-13595 · CVSS 9.8 · 2022-04-18
Woocommerce · The Product Table For Woocommerce · CVE-2022-1020
**Name of the Vulnerable Software and Affected Versions**

The Product Table for WooCommerce (wooproducttable) versions prior to 3.1.2

**Description**

The plugin lacks authorization and CSRF checks in the `wpt admin update notice option` AJAX action, which is reachable by both unauthenticated and authenticated users. In addition, the `callback` parameter is not validated, which allows unauthenticated attackers to call arbitrary functions with either no argument or one user-controlled argument.

**Recommendations**

- For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue.
- As a temporary workaround, consider disabling the `wpt admin update notice option` AJAX action until a patch is available.
- Restrict access to the `wpt admin update notice option` AJAX endpoint to minimize the risk of exploitation.
- Avoid using the `callback` parameter in the affected AJAX endpoint until the issue is resolved.