Impact
This vulnerability is a missing authorization flaw in the WooCommerce Product Table Lite plugin that allows an attacker to exploit incorrectly configured access control settings. As a result, users who should not have access to certain product data or administrative features can obtain that information through the plugin's web interface. The primary impact is disclosure or potential manipulation of product data, which can affect the confidentiality and integrity of the store’s catalog. The weakness is categorized as Broken Access Control (CWE-862).
Affected Systems
The affected vendor and product are WC Product Table: WooCommerce Product Table Lite. Any installation of the plugin running version 3.8.7 or earlier is vulnerable. Upgrading to a later release (3.8.8 or above) removes the issue.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% indicates that, at the time of this analysis, exploitation is considered unlikely, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the plugin's web interface, requiring authenticated access; the specific prerequisites are not detailed in the description and are inferred from typical plugin behavior. If the plugin’s access controls are misconfigured, the vulnerability can be exploited by users who would otherwise not have permission to view or modify product information.