CVE-2024-0796

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 5, 2024

Updated: Feb 13, 2024

CWE ID 352

Summary

CVE-2024-0796 is a Cross-Site Request Forgery (CSRF) vulnerability affecting WooCommerce's Professional Products Tables plugin for WordPress. Versions up to and including 1.0.6.1 are susceptible to this issue. The flaw lies in the lack of proper nonce validation on several AJAX functions, allowing unauthenticated attackers to trigger these functions through forged requests. Successful exploitation of this vulnerability requires tricking a site administrator into performing a specific action, such as clicking on a maliciously crafted link.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uPt1vx
https://www.cve.org/CVERecord?id=CVE-2024-0796
https://nvd.nist.gov/vuln/detail/CVE-2024-0796

Back to Vulnerability Database

CVE-2024-0796

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations