CVE-2022-1020

9.8 CRITICAL

📋 TL;DR

The wpt_admin_update_notice_option AJAX action of the Product Table for WooCommerce WordPress plugin is reachable through admin-ajax.php without any login and passes a user-controlled callback straight to PHP, so an unauthenticated attacker can make the site call an arbitrary PHP function with up to one user-controlled argument. That is enough for complete site compromise and, depending on the hosting setup, compromise of the underlying server. Every WordPress site running a version before 3.1.2 with the plugin active is affected.

💻 Affected Systems

Products:
  • Product Table for WooCommerce (wooproducttable) WordPress plugin
Versions: All versions before 3.1.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with the vulnerable plugin enabled, regardless of configuration.

📦 What is this software?

A WordPress plugin that displays a WooCommerce shop's products in a table layout on the front end. Like most plugins it registers AJAX actions on admin-ajax.php, and one of those actions is the vulnerable entry point.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete website takeover, data theft, malware injection, or compromise of the underlying server.

🟠 Likely Case: Website defacement, data manipulation, or installation of backdoors (for example web shells) for persistent access.

🟢 If Mitigated: Once the plugin is updated to 3.1.2 or deactivated, the vulnerable action no longer exists and the issue is closed. A WAF rule that blocks the action name only reduces exposure until the update is applied and should not be treated as a permanent fix.

🌐 Internet-Facing: HIGH - Exploitable remotely without authentication, affecting publicly accessible WordPress sites.
🏢 Internal Only: MEDIUM - Internal WordPress sites could still be compromised if accessible to internal attackers.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A single HTTP request to admin-ajax.php naming the action triggers the vulnerability; no login or session is needed. Public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.2

Vendor Advisory: https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Product Table for WooCommerce'.
4. Click 'Update Now' if available.
5. Alternatively, download version 3.1.2 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable vulnerable plugin (platform: all)

Temporarily deactivate the plugin until it can be updated:

wp plugin deactivate wooproducttable

The argument is the plugin's directory slug as shown by wp plugin list; if the slug on your install differs from wooproducttable, use the one from that listing. Deactivating removes the AJAX action entirely, so it is the stronger of the two workarounds.

Web Application Firewall rule (platform: all)

Block requests to the vulnerable AJAX endpoint: deny requests to /wp-admin/admin-ajax.php whose action parameter is wpt_admin_update_notice_option. Match both GET and POST, and check the parameter in the query string as well as in the form body, because admin-ajax.php reads the action from either.

🧯 If You Can't Patch

  • Disable the wooproducttable plugin immediately; this removes the vulnerable AJAX action without touching anything else on the site
  • If the plugin must stay active, put the WAF rule above in front of the site, restrict who can reach the site where possible, and watch for the indicators listed under Detection & Monitoring

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel go to Plugins → Installed Plugins and read the version shown for Product Table for WooCommerce. Any version below 3.1.2 is vulnerable.

Check Version:

wp plugin get wooproducttable --field=version

Verify Fix Applied:

Confirm plugin version is 3.1.2 or higher in WordPress admin panel.
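The version comparison is the check that matters here, and it is easy to get wrong in a shell one-liner: a plain string comparison ranks 3.1.10 below 3.1.2 and would report a patched site as vulnerable. The Python below is an added example, not part of the advisory or of the plugin, that normalises version strings taken either from wp plugin get output or from the plugin's file header and decides per host. The host names and the plugin header text in it are constructed.

```python
"""Decide whether an installed Product Table for WooCommerce build is
affected by CVE-2022-1020 (added example, not from the advisory)."""
import re

FIXED_VERSION = "3.1.2"   # first non-vulnerable release per the advisory


def parse_version(text):
    """'3.1.2', 'v3.1.10', '3.1.2-beta1', '3.1.1\\n' -> comparable int tuple.

    A string comparison gets this wrong ('3.1.10' < '3.1.2' is True), so
    every numeric component is compared as an integer. Missing components
    are padded with zeros so that 3.1 == 3.1.0. A pre-release suffix is
    ignored here, i.e. 3.1.2-beta1 is treated like 3.1.2 (simplification).
    """
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_vulnerable(installed):
    """True when the installed version is older than the fixed version."""
    return parse_version(installed) < parse_version(FIXED_VERSION)


# WordPress reads plugin metadata from the comment header of the plugin's
# main PHP file; this mirrors its 'Version:' lookup for hosts without WP-CLI.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(.+?)[ \t]*$",
                       re.IGNORECASE | re.MULTILINE)


def version_from_plugin_header(php_source):
    m = HEADER_RE.search(php_source)
    if not m:
        raise ValueError("no Version: header found")
    return m.group(1)


# Constructed sample header; only the fields used here are included.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Product Table for WooCommerce
 * Version: 3.1.1
 */
"""


def assess_fleet(versions):
    """versions: {host: raw output of `wp plugin get <slug> --field=version`}.

    Returns {host: 'VULNERABLE' | 'patched'} so the result can be fed to a
    ticketing system or a SIEM enrichment instead of eyeballed.
    """
    return {host: ("VULNERABLE" if is_vulnerable(raw) else "patched")
            for host, raw in versions.items()}


if __name__ == "__main__":
    # Constructed fleet; hosts and versions are illustrative only.
    fleet = {
        "shop-a.example": "3.1.1\n",   # WP-CLI output keeps a trailing newline
        "shop-b.example": "3.1.2",
        "shop-c.example": "3.1.10",    # newer than the fix despite sorting lower as text
    }
    for host, verdict in assess_fleet(fleet).items():
        print(f"{host}: {verdict}")
    print("header says", version_from_plugin_header(SAMPLE_HEADER),
          "->", "VULNERABLE" if is_vulnerable(version_from_plugin_header(SAMPLE_HEADER)) else "patched")
```

Feed assess_fleet with whatever collects the wp plugin get output across your hosts; the version_from_plugin_header path covers hosts where only the files are reachable (backups, container images, read-only mounts).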

📡 Detection & Monitoring

Log Indicators:

  • Requests to /wp-admin/admin-ajax.php with action=wpt_admin_update_notice_option. For a GET the parameter is visible in the access log; for a POST the form body is not recorded by default web server logging, so enable body logging at the WAF or reverse proxy, or rely on its block log
  • Such requests arriving without a WordPress login cookie, or from sources that never loaded the admin interface
  • PHP error-log warnings about invalid callbacks originating from the plugin's code, which indicate probing with function names that do not exist

Network Indicators:

  • HTTP requests to admin-ajax.php carrying a callback-style parameter that names a PHP function
  • Unusual outbound connections from the web server immediately after such a request (payload downloads, reverse shells)

SIEM Query:

web.url:*admin-ajax.php* AND (web.post_data:*wpt_admin_update_notice_option* OR web.url:*wpt_admin_update_notice_option*)

The web.post_data field only exists if the log source captures request bodies; without it, the query only finds the GET form of the request.
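The same predicate a WAF rule would apply can be run over historical access logs to find past probes. The Python below is an added example, not from the advisory or from any vendor. It assumes the Combined log format, optionally extended by a reverse proxy or WAF that appends the form body as a body="..." field (stock nginx and Apache access logs do not record POST bodies, so body-only probes are invisible to them), and it assumes the PHP function name travels in a parameter called callback. The log lines are constructed.

```python
"""Flag access-log requests for the vulnerable AJAX action of
CVE-2022-1020 (added example, not from the advisory)."""
import re
from urllib.parse import parse_qs, urlsplit

VULN_ACTION = "wpt_admin_update_notice_option"

# Combined log format, plus an optional body="..." field that is assumed to
# be appended by the proxy/WAF. Stock web server logs lack that field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
    r'(?: body="(?P<body>[^"]*)")?'
)


def classify(line):
    """Return a finding for a request that names the vulnerable action,
    whether the action arrived in the query string or the form body;
    otherwise None. This is the predicate a WAF rule should implement."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/admin-ajax.php"):
        return None
    query = parse_qs(url.query, keep_blank_values=True)
    body = parse_qs(m.group("body") or "", keep_blank_values=True)
    if VULN_ACTION in query.get("action", []):
        via = "query"
    elif VULN_ACTION in body.get("action", []):
        via = "body"
    else:
        return None
    # Body overrides query on duplicate keys, like PHP's default $_REQUEST order.
    params = {**query, **body}
    return {
        "ip": m.group("ip"),
        "time": m.group("ts"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "via": via,
        # Assumed parameter name for the function to call; None when the
        # request only fires the action (typical of scanners).
        "callback": params.get("callback", [None])[0],
        # Everything else is kept for triage (the one attacker-controlled argument).
        "other_params": {k: v for k, v in params.items()
                         if k not in ("action", "callback")},
    }


def find_probes(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


# Constructed sample log: two probes, one benign heartbeat, one page view.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2022:14:02:11 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 13 "-" "python-requests/2.27.1" body="action=wpt_admin_update_notice_option&callback=phpinfo"
198.51.100.23 - - [10/Mar/2022:14:02:15 +0000] "GET /wp-admin/admin-ajax.php?action=wpt_admin_update_notice_option HTTP/1.1" 200 1 "-" "Mozilla/5.0 (compatible; scanner)"
192.0.2.9 - - [10/Mar/2022:14:03:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 34 "https://shop.example/wp-admin/" "Mozilla/5.0" body="action=heartbeat&_nonce=abc123"
192.0.2.10 - - [10/Mar/2022:14:03:05 +0000] "GET /shop/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

Run it against a real log with find_probes(open(path).read()); a status of 200 on a flagged line does not by itself prove the callback ran, so follow up with the PHP error log and file-integrity checks on the host.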
