First published: Mon Jun 27 2022
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to reflected Cross-Site Scripting (XSS).
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pluginus Active Products Tables For Woocommerce | <1.0.5 | |
Pluginus Woot | <1.0.5 | |
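CVE-2022-1916 is a reflected cross-site scripting vulnerability in the Active Products Tables for WooCommerce WordPress plugin. The affected AJAX action is available to both unauthenticated and authenticated users and outputs a parameter without sanitising or escaping it, which allows malicious script to execute in the browser of a user who receives the response.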
The severity of CVE-2022-1916 is medium (6.1).
CVE-2022-1916 affects versions of the Active Products Tables for WooCommerce plugin before 1.0.5.
To fix CVE-2022-1916, update the Active Products Tables for WooCommerce plugin to version 1.0.5 or later.
You can find more information about CVE-2022-1916 at the following reference: [https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808]
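
The pattern this advisory describes (a request parameter echoed by an AJAX action that is registered for both logged-in and anonymous users), shown beside its corrected form. This is an added example, not the plugin's code: the action name `example_table_preview`, the parameter `table_title` and both function names are hypothetical, and the file is assumed to be loaded by WordPress as a plugin.

```php
<?php
/**
 * Plugin Name: Example AJAX escaping demo (hypothetical, for illustration)
 */
defined('ABSPATH') || exit;

// Registering both hooks makes the action reachable through admin-ajax.php
// with and without a login, which is the exposure the advisory describes.
// Only the hardened handler is registered here.
add_action('wp_ajax_example_table_preview', 'example_table_preview_hardened');
add_action('wp_ajax_nopriv_example_table_preview', 'example_table_preview_hardened');

/**
 * Vulnerable pattern, shown for comparison and never registered:
 * the parameter goes from the request into the HTML response unchanged.
 */
function example_table_preview_vulnerable() {
    $title = isset($_REQUEST['table_title']) ? $_REQUEST['table_title'] : '';
    echo '<div class="table-title" data-title="' . $title . '">' . $title . '</div>';
    wp_die();
}

/**
 * Hardened pattern: sanitise the value on input, then escape it for each
 * output context (attribute value and element body) at the point of output.
 */
function example_table_preview_hardened() {
    // WordPress adds slashes to request data; remove them before sanitising.
    $raw = isset($_REQUEST['table_title']) ? wp_unslash($_REQUEST['table_title']) : '';

    // Reject arrays and other non-string input instead of casting them.
    if (!is_string($raw)) {
        wp_die('Invalid request', '', array('response' => 400));
    }

    // Strips tags, control characters and extra whitespace.
    $title = sanitize_text_field($raw);

    // Escape per context even after sanitising: esc_attr() for the
    // attribute value, esc_html() for the element body.
    printf(
        '<div class="table-title" data-title="%s">%s</div>',
        esc_attr($title),
        esc_html($title)
    );
    wp_die();
}
```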