CVE-2024-43128: 
WordPress vulnerability analysis and mitigation

A code injection vulnerability (CVE-2024-43128) was discovered in WC Product Table WooCommerce Product Table Lite plugin affecting versions through 3.5.1. The vulnerability was reported on August 7, 2024, and was assigned a CVSS v3.1 base score of 7.3 (HIGH) by NIST and 6.5 (MEDIUM) by Patchstack (NVD, Patchstack).

The vulnerability is classified as an Improper Control of Generation of Code (CWE-94), allowing potential code injection attacks. The issue has been assigned two different CVSS v3.1 scores: NIST rates it at 7.3 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, while Patchstack assesses it at 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N (NVD).

The vulnerability could allow malicious actors to inject their own content into pages and posts of affected websites. This could potentially be exploited for phishing attacks by injecting malicious content into the compromised websites (Patchstack).

Users are advised to update to version 3.8.6 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to a fixed version (Patchstack).