CVE-2024-6365 | Vulnerability Database

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-6365
CWE	https://cwe.mitre.org/data/definitions/.html

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-6365

CWE

https://cwe.mitre.org/data/definitions/.html

The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the saveCustomTitle function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes it possible for unauthenticated attackers to execute code on the server.

References

https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/languages/customTitle.php
https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/modules/wootablepress/models/wootablepress.php#L7
https://plugins.trac.wordpress.org/changeset/3113335/
https://www.wordfence.com/threat-intel/vulnerabilities/id/ba84711f-bdbe-46d3-a9a3-cc2b1dcefd1a?source=cve