PatchSiren cyber security CVE debrief

CVE-2026-34902 WC Product Table CVE debrief

CVE-2026-34902 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in WooCommerce Product Table Lite versions <= 4.6.3. The vulnerability has a CVSS score of 7.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-34902).

Vendor: WC Product Table
Product: WooCommerce Product Table Lite
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-15
Original CVE updated: 2026-06-15
Advisory published: 2026-06-15
Advisory updated: 2026-06-15

Who should care

Administrators and users of WooCommerce Product Table Lite versions <= 4.6.3 should apply patches or mitigations to prevent exploitation.

Technical summary

The vulnerability is caused by a lack of proper input validation and sanitization in WooCommerce Product Table Lite versions <= 4.6.3, allowing unauthenticated attackers to inject malicious scripts.

Defensive priority

HIGH

Recommended defensive actions

Apply patches or updates to WooCommerce Product Table Lite to version > 4.6.3
Review and implement secure coding practices to prevent similar vulnerabilities

Evidence notes

Evidence of this vulnerability was provided by Patchstack (see [ref-4](https://patchstack.com/database/wordpress/plugin/wc-product-table-lite/vulnerability/wordpress-woocommerce-product-table-lite-plugin-4-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve)).

Official resources

CVE-2026-34902 CVE record
CVE.org
CVE-2026-34902 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected]

CVE-2026-34902 was published on 2026-06-15T21:16:42.340Z and modified on 2026-06-15T21:24:32.790Z.