CVE-2024-10899

Name of the Vulnerable Software and Affected Versions WooCommerce Product Table Lite plugin for WordPress versions up to, and including, 3.8.6

Description The issue arises from the software allowing users to execute an action that does not properly validate a value before running do shortcode(). This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same id parameter is also vulnerable to Reflected Cross-Site Scripting.

Recommendations For versions up to, and including, 3.8.6, update to a version higher than 3.8.6 to resolve the issue. As a temporary workaround, consider restricting access to the id parameter to minimize the risk of exploitation. Avoid using the id parameter in affected endpoints until the issue is resolved. At the moment, there is no information about additional mitigation measures.