Impact
The vulnerability is a missing authorization check in the WooCommerce Product Table Lite plugin, in versions up to and including 3.9.5. It allows an attacker to bypass the intended access controls and view or modify product table data without proper permissions. The flaw stems from an access control security level that is not checked, which can let unauthorized users read sensitive product information or potentially alter product listings, compromising data integrity. This weakness is categorized as CWE-862: Missing Authorization.
Affected Systems
Affected systems are WordPress sites that have the WooCommerce Product Table Lite plugin installed with any version at or below 3.9.5. The plugin, developed by WC Product Table, is widely used for displaying product tables in WooCommerce storefronts. Version information is provided as n/a through <=3.9.5, meaning all releases up to and including 3.9.5 are vulnerable.
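For inventory triage against the range above, the following added example (not part of the original advisory or the plugin's code) reads the `Version:` field from a plugin header and compares it numerically with 3.9.5. The sample headers and the plugin name in them are constructed, and treating a missing version as "unknown" is an assumption of this sketch.

```python
import re

# Last affected release, as stated in the advisory text above.
LAST_AFFECTED = "3.9.5"

def parse_header_version(plugin_php_text):
    """Return the Version field of a WordPress plugin header comment, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", plugin_php_text,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def version_key(version):
    """Turn '3.10.0' into (3, 10) so comparison is numeric, not lexical."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while parts and parts[-1] == 0:  # 3.9.5.0 and 3.9.5 are the same release
        parts.pop()
    return tuple(parts)

def triage(plugin_php_text):
    """Classify one plugin main file as 'affected', 'not affected' or 'unknown'."""
    version = parse_header_version(plugin_php_text)
    if version is None:
        return "unknown"  # assumption: no header version means manual review
    if version_key(version) <= version_key(LAST_AFFECTED):
        return "affected"
    return "not affected"

def sample_header(version_line):
    """Build a constructed plugin header for the demo (hypothetical plugin name)."""
    return "<?php\n/**\n * Plugin Name: Example Product Table\n" + version_line + " */\n"

if __name__ == "__main__":
    for line in (" * Version: 3.9.5\n", " * Version: 3.10.0\n",
                 " * Version: 3.9.5.1\n", ""):
        print(repr(line.strip()), "->", triage(sample_header(line)))
```

A plain string comparison would rank 3.10.0 below 3.9.5 and flag it as affected, which is why the versions are compared as integer tuples.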
Risk and Exploitability
The CVSS score of 4.3 indicates medium severity. The EPSS score of less than 1% suggests a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves accessing plugin-protected pages or API endpoints via a web browser or crafted HTTP request. An attacker who can discover these endpoints does not need elevated privileges, so the vulnerability is exploitable by any authenticated or even anonymous user, depending on site configuration.