Impact
BinaryCarpenter’s Free Woocommerce Product Table View plugin contains a missing authorization flaw that allows attackers to bypass intended access controls and view product table data that should be restricted. The vulnerability is a broken access control weakness, identified as CWE‑862, which can lead to the unauthorized disclosure of product information and potentially associated pricing or inventory details. The impact is primarily a compromise of confidentiality for the information exposed through the plugin’s interface; availability or integrity are not directly affected according to the provided description.
Affected Systems
WordPress sites running the Free Woocommerce Product Table View plugin version 1.78 or earlier are affected; this covers every release from the initial one through 1.78. The plugin is distributed by BinaryCarpenter and is listed as "Free Woocommerce Product Table View" in the CNA data.
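To check an installation against the affected range, the following added example (not code from the plugin or from the CNA) scans a wp-content/plugins directory, matches the plugin by its standard WordPress "Plugin Name" header and compares the "Version" header with 1.78. The directory names in the sample tree are constructed; the plugin's real directory name is not given on this page.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "Free Woocommerce Product Table View"  # name as listed in the advisory
LAST_AFFECTED = (1, 78)                               # 1.78 and earlier are affected
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+)$", re.M | re.I)

def read_header(php_file):
    """Return {'plugin name': ..., 'version': ...} from a plugin file's header comment."""
    head = php_file.read_text(errors="replace")[:8192]  # WordPress only reads the first 8 KB
    fields = {}
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.lower(), value.strip())
    return fields

def parse_version(text):
    """'1.78' -> (1, 78). Trailing zeros are dropped so '1.78.0' equals '1.78'."""
    parts = [int(m.group()) if (m := re.match(r"\d+", p)) else 0 for p in text.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def find_plugin(plugins_dir):
    """Return (directory name, version, status) for each installed copy of the plugin."""
    found = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = read_header(php_file)
        if fields.get("plugin name", "").lower() != PLUGIN_NAME.lower():
            continue
        version = fields.get("version")
        if version is None:
            status = "unknown"          # no Version header: check by hand
        elif parse_version(version) <= LAST_AFFECTED:
            status = "affected"
        else:
            status = "newer than 1.78"  # this page names no fixed release
        found.append((php_file.parent.name, version, status))
    return found

def demo():
    """Run the check over a constructed plugins tree (directory names are made up)."""
    samples = {"table-view-a": "1.78", "table-view-b": "1.8", "table-view-c": "1.78.1"}
    with tempfile.TemporaryDirectory() as root:
        for name, ver in samples.items():
            (Path(root) / name).mkdir()
            (Path(root) / name / "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {PLUGIN_NAME}\n * Version: {ver}\n */\n")
        return find_plugin(root)
```

On a real site, call find_plugin() with the path to wp-content/plugins. Version components are compared numerically, so 1.8 sorts below 1.78 and is reported as affected.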
Risk and Exploitability
The vulnerability has a CVSS score of 5.4, indicating moderate risk, and an EPSS score of < 1%, suggesting a very low likelihood of exploitation at present. It is not listed in the CISA KEV catalog. Attackers can likely exploit the flaw through unauthenticated HTTP requests to the plugin’s exposed endpoints, abusing the missing permission checks to retrieve product data. The attack vector is inferred to be a web application exploit rather than a local privilege escalation or denial of service.