PT-2024-37642 · WordPress · Woocommerce Product Table Lite

Lucio Sá · Published 2024-07-27 · Updated 2024-07-29 · CVE-2024-6458

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WooCommerce Product Table Lite plugin for WordPress, versions up to and including 3.5.1

Description: The issue allows authenticated attackers with subscriber access and above to modify post titles of arbitrary posts due to a missing capability check on the wcpt presets duplicate preset to table function. Additionally, missing sanitization can lead to Stored Cross-Site Scripting when viewed by an admin via the WooCommerce Product Table.

Recommendations: For versions up to and including 3.5.1, update to a version that includes a fix for the missing capability check on the wcpt presets duplicate preset to table function and addresses the missing sanitization issue to prevent Stored Cross-Site Scripting. As a temporary workaround, consider restricting access to the wcpt presets duplicate preset to table function to prevent unauthorized post title modifications.
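The two defects the advisory names (a missing capability check on an AJAX handler and an unsanitized title written into a post) are a common WordPress plugin pattern. The following is an added example, not code from the WooCommerce Product Table Lite plugin: it contrasts a minimal vulnerable handler with a hardened one, using standard WordPress APIs. Every identifier prefixed `example_` (the AJAX action, nonce name, post types) is an assumption for illustration.

```php
<?php
// Added example (not the plugin's own code). All "example_" names are hypothetical.

// --- Vulnerable shape: any logged-in user reaches this handler, no nonce, no
// capability check, and the attacker-supplied title is stored unsanitized.
function example_duplicate_preset_to_table_vulnerable() {
    $table_id = (int) $_POST['table_id'];
    wp_update_post( array(
        'ID'         => $table_id,
        'post_title' => $_POST['title'],   // stored as-is -> stored XSS in admin views
    ) );
    wp_send_json_success();
}

// --- Hardened shape.
add_action( 'wp_ajax_example_duplicate_preset_to_table', 'example_duplicate_preset_to_table' );

function example_duplicate_preset_to_table() {
    // 1. Nonce: rejects requests forged from another origin (CSRF).
    check_ajax_referer( 'example_duplicate_preset', 'nonce' );

    // 2. Capability check: the control the advisory reports as missing.
    //    A subscriber does not hold manage_options, so the request stops here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    $preset_id = isset( $_POST['preset_id'] ) ? absint( $_POST['preset_id'] ) : 0;
    $table_id  = isset( $_POST['table_id'] ) ? absint( $_POST['table_id'] ) : 0;

    // 3. Object-level checks: the target must be a table post of the expected
    //    type that this user may edit, so "arbitrary posts" are out of reach.
    $table = get_post( $table_id );
    if ( ! $table
        || 'example_product_table' !== $table->post_type
        || ! current_user_can( 'edit_post', $table_id ) ) {
        wp_send_json_error( array( 'message' => 'Invalid target table' ), 400 );
    }

    $preset = get_post( $preset_id );
    if ( ! $preset || 'example_table_preset' !== $preset->post_type ) {
        wp_send_json_error( array( 'message' => 'Invalid preset' ), 400 );
    }

    // 4. Sanitize the attacker-controllable title before it is stored.
    //    sanitize_text_field() strips tags and control characters.
    $raw_title = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) : $preset->post_title;
    $title     = sanitize_text_field( $raw_title );

    $result = wp_update_post( array(
        'ID'         => $table_id,
        'post_title' => $title,
    ), true );

    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
    }

    // 5. Escape on output as well: storage-side sanitization is not a substitute
    //    for context-aware escaping where the title is rendered in the admin table.
    wp_send_json_success( array( 'title' => esc_html( $title ) ) );
}
```

For detection, the advisory's description implies a simple audit rule: any `wp_ajax_*` handler that calls `wp_update_post()` (or otherwise writes post data) without a preceding `current_user_can()` check, and any handler that passes `$_POST` values straight into `post_title`, deserves review. The workaround the advisory suggests, restricting who can reach the function, corresponds to step 2 above.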

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-6458

Affected Products: Woocommerce Product Table Lite