CVE-2024-10813

Severity: 5.3 MEDIUM

📋 TL;DR

The Product Table for WooCommerce plugin for WordPress exposes sensitive information through the var_dump_table parameter, allowing unauthenticated attackers to view internal data structures. This affects all WordPress sites using this plugin up to version 3.5.1. The vulnerability could reveal database details, configuration information, or other sensitive data.

💻 Affected Systems

Products:
  • Product Table for WooCommerce by CodeAstrology
Versions: All versions up to and including 3.5.1
Operating Systems: All platforms running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the plugin to be installed and activated on a WordPress site with WooCommerce.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could extract database credentials, API keys, or other sensitive configuration data, leading to complete site compromise or data theft.

🟠 Likely Case

Attackers could view internal PHP data structures, potentially revealing product information, user data, or system configuration details.

🟢 If Mitigated

With proper access controls and monitoring, exposure would be limited to non-critical data, with alerts triggered on suspicious activity.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a request with the var_dump_table parameter to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.2 or later

Vendor Advisory: https://plugins.trac.wordpress.org/browser/woo-product-table/trunk/inc/shortcode-base.php

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Product Table for WooCommerce'.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable vulnerable parameter via .htaccess

Applies to: all

Block requests containing the var_dump_table parameter at the web server level:

RewriteEngine On
RewriteCond %{QUERY_STRING} var_dump_table [NC]
RewriteRule ^ - [F,L]

This rule requires mod_rewrite and inspects only the query string of each request; a WAF rule that inspects the whole request (see below) gives broader coverage, and the plugin update remains the actual fix.

🧯 If You Can't Patch

  • Disable or remove the Product Table for WooCommerce plugin immediately
  • Implement WAF rules to block requests containing 'var_dump_table' parameter

🔍 How to Verify

Check if Vulnerable:

Check if plugin version is 3.5.1 or earlier in WordPress admin panel under Plugins → Installed Plugins

Check Version:

wp plugin list --name=woo-product-table --field=version

Verify Fix Applied:

Verify plugin version is 3.5.2 or later and test that var_dump_table parameter no longer exposes data
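The version check above can be scripted so that it runs the same way on every site. The following is an added example, not part of this advisory or of the plugin: it reads the JSON output of `wp plugin list --format=json`, locates the plugin by its slug (assumed to be woo-product-table, taken from the Trac URL above), and reports whether the installed version predates 3.5.2. When wp-cli is not available it falls back to a constructed sample so the logic can still be exercised.

```python
"""Report whether Product Table for WooCommerce is installed, active and unpatched.

Added example (not from the advisory). Assumes the plugin slug is
woo-product-table and that the input is `wp plugin list --format=json` output.
"""
import json
import subprocess

PLUGIN_SLUG = "woo-product-table"   # assumed slug, derived from the Trac URL
FIXED_VERSION = "3.5.2"             # first release stated as patched


def parse_version(version):
    """Turn '3.5.1' into (3, 5, 1) so versions compare numerically, not as strings.

    Non-numeric suffixes such as '-beta' are ignored; a missing component
    (e.g. '3.5') compares as older than '3.5.2', which is the safe direction.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the installed version is older than the first fixed release."""
    return parse_version(version) < parse_version(fixed)


def assess(plugin_list_json):
    """Summarise exposure from wp-cli JSON.

    Returns None when the plugin is not installed; otherwise a dict with the
    version, whether the plugin is active (including network-active), and
    whether the version predates the fix.
    """
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") == PLUGIN_SLUG:
            version = plugin.get("version", "0")
            return {
                "version": version,
                "active": plugin.get("status", "").startswith("active"),
                "vulnerable": is_vulnerable(version),
            }
    return None


# Constructed sample in the shape wp-cli produces; not data from a real site.
SAMPLE_OUTPUT = json.dumps([
    {"name": "woocommerce", "status": "active", "update": "none", "version": "9.3.3"},
    {"name": "woo-product-table", "status": "active", "update": "available", "version": "3.5.1"},
])


if __name__ == "__main__":
    try:
        output = subprocess.run(
            ["wp", "plugin", "list", "--format=json"],
            capture_output=True, text=True, check=True,
        ).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        output = SAMPLE_OUTPUT  # wp-cli not available: use the constructed sample
    result = assess(output)
    if result is None:
        print("plugin not installed")
    else:
        print(f"version {result['version']}: "
              f"{'VULNERABLE' if result['vulnerable'] else 'patched'}, "
              f"{'active' if result['active'] else 'inactive'}")
```

A numeric comparison matters here: a plain string comparison would rank a future 3.5.10 below 3.5.2 and report a patched site as vulnerable.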

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing 'var_dump_table' parameter in query string
  • Unusual data dumps in response logs

Network Indicators:

  • Requests to WordPress admin-ajax.php or plugin endpoints with var_dump_table parameter

SIEM Query:

source="web_logs" AND (uri="*var_dump_table*" OR query_string="*var_dump_table*")
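The log indicators and the SIEM query above can be checked offline against web server access logs. The following is an added example, not part of this advisory: it parses Apache/Nginx combined-format lines, percent-decodes the query string, and flags requests whose parameter name is var_dump_table (case-insensitively), recording status and response size so that served responses can be told apart from requests the .htaccess rule rejected with 403. The log lines are constructed for the example; the parameter value and the response sizes are illustrative.

```python
"""Flag access-log requests that carry the var_dump_table query parameter.

Added example (not from the advisory). The log lines below are constructed;
they are not taken from any real site.
"""
import re
from urllib.parse import parse_qs, urlsplit

SUSPICIOUS_PARAM = "var_dump_table"

# Apache/Nginx "combined" log format: ip ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def request_has_param(target, name=SUSPICIOUS_PARAM):
    """True if the request target's query string contains the named parameter.

    parse_qs percent-decodes the keys and the comparison ignores case, so
    VAR%5FDUMP%5FTABLE is matched too. Matching on the parameter name (not a
    substring of the URI, as the SIEM query does) avoids flagging a request
    whose *value* merely contains the word.
    """
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return any(key.lower() == name for key in params)


def scan_log(lines):
    """Yield one finding per request carrying the parameter.

    'served' is True when the server answered 200; a 403 indicates the
    web-server block from the workaround section fired.
    """
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # differently formatted or truncated line; skip it
        if not request_has_param(m["target"]):
            continue
        status = int(m["status"])
        yield {
            "ip": m["ip"],
            "time": m["time"],
            "method": m["method"],
            "target": m["target"],
            "status": status,
            "bytes": 0 if m["bytes"] == "-" else int(m["bytes"]),
            "served": status == 200,
        }


# Constructed sample log (documentation IP ranges; values are illustrative).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2024:10:15:01 +0000] "GET /shop/?var_dump_table=1 HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Nov/2024:10:15:03 +0000] "GET /shop/?orderby=price HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Nov/2024:10:16:10 +0000] "GET /?p=42&VAR%5FDUMP%5FTABLE=yes HTTP/1.1" 200 51002 "-" "curl/8.4.0"',
    '192.0.2.9 - - [12/Nov/2024:10:17:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 55 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Nov/2024:10:18:22 +0000] "GET /shop/?var_dump_table=1 HTTP/1.1" 403 199 "-" "curl/8.4.0"',
]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        state = "SERVED" if finding["served"] else f"status {finding['status']}"
        print(f"{finding['time']} {finding['ip']} {finding['method']} "
              f"{finding['target']} -> {state}, {finding['bytes']} bytes")
```

Served responses that are much larger than the site's normal page size for the same path are the "unusual data dumps" the log indicators refer to; a 403 on the same request shows the workaround is working and is still worth alerting on, since it records who is probing.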
