What is CVE-2022-1020?

CVE-2022-1020 is a vulnerability in Product Table For Woocommerce (Wooproducttable), classified under Missing Authorization. Published 2022-04-18.

Is CVE-2022-1020 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

CSRF in Product Table For Woocommerce (Wooproducttable)

CVE-2022-1020

The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as…

Vulnerability class: Broken Access Control

EPSS: 0.895 (99.6th percentile) — read the EPSS interpretation.

Affected products

Unknown Product Table For Woocommerce (Wooproducttable) — versions 3.0.2, 3.1.2

Weakness classification (CWE)

Public proof-of-concept exploits

References

wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-1020?: CVE-2022-1020 is a vulnerability in Product Table For Woocommerce (Wooproducttable), classified under Missing Authorization. Published 2022-04-18.
Is CVE-2022-1020 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.