WP-Safety

Product Table and List Builder for WooCommerce Lite Security & Risk Analysis

wordpress.org/plugins/wc-product-table-lite

Show your WooCommerce products in beautiful table and list layout with ease. Improves shopping experience for your customers and increases sales.

10K active installs v4.6.3 PHP 7.4+ WP 4.9+ Updated Feb 10, 2026
product-table-for-woocommercewc-product-tablewoocommerce-product-listwoocommerce-product-tablewoocommerce-tables
88
A · Safe
CVEs total9
Unpatched0
Last CVEFeb 18, 2026
Plugin page Download
Safety Verdict

Is Product Table and List Builder for WooCommerce Lite Safe to Use in 2026?

Generally Safe

Score 88/100

Product Table and List Builder for WooCommerce Lite has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEsLast CVE: Feb 18, 2026Updated 1mo ago
Risk Assessment

The "wc-product-table-lite" v4.6.3 plugin presents a mixed security posture. While it demonstrates some good practices like using prepared statements for a high percentage of its SQL queries and having a relatively low number of bundled libraries, significant concerns arise from its attack surface and output escaping. A large number of AJAX handlers (15 out of 18) lack proper authentication checks, creating a wide entry point for unauthorized actions. Furthermore, a concerningly low percentage (23%) of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin's vulnerability history, with 9 known CVEs including high-severity SQL injection, code injection, missing authorization, CSRF, and XSS, further amplifies these risks. Although there are currently no unpatched CVEs, the recurring nature of these vulnerabilities suggests a persistent pattern of insecure coding practices that may resurface in future versions.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping percentage
  • History of high severity vulnerabilities
  • History of critical severity vulnerabilities
  • History of medium severity vulnerabilities
  • Bundled library (Select2)
Vulnerabilities
9

Product Table and List Builder for WooCommerce Lite Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
1 CVE in 2023
2023
3 CVEs in 2024
2024
3 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
3
Medium
6

9 total CVEs

CVE-2026-2232high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product Table and List Builder for WooCommerce Lite <= 4.6.2 - Unauthenticated Time-Based SQL Injection via 'search' Parameter

Feb 18, 2026 Patched in 4.6.3 (2d)
CVE-2025-39602medium · 5.3Missing Authorization

WooCommerce Product Table Lite <= 3.9.5 - Missing Authorization

Apr 16, 2025 Patched in 3.9.6 (15d)
CVE-2024-13472high · 7.3Improper Control of Generation of Code ('Code Injection')

WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

Jan 30, 2025 Patched in 3.9.5 (1d)
CVE-2025-24596medium · 5.3Missing Authorization

WooCommerce Product Table Lite <= 3.8.7 - Missing Authorization

Jan 24, 2025 Patched in 3.9.0 (5d)
CVE-2024-10899high · 7.3Improper Control of Generation of Code ('Code Injection')

WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

Nov 19, 2024 Patched in 3.8.7 (1d)
CVE-2024-43128medium · 4.8Improper Control of Generation of Code ('Code Injection')

WooCommerce Product Table Lite <= 3.5.1 - Unauthenticated Arbitrary Shortcode Execution

Aug 7, 2024 Patched in 3.8.6 (8d)
CVE-2024-6458medium · 6.4Missing Authorization

WooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting

Jul 26, 2024 Patched in 3.8.6 (1d)
CVE-2023-47519medium · 4.3Cross-Site Request Forgery (CSRF)

WooCommerce Product Table Lite <= 2.6.2 - Cross-Site Request Forgery

Nov 7, 2023 Patched in 3.1.0 (77d)
WF-36ae359b-7694-4e8b-9fe6-5e9e40345305-wc-product-table-litemedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WooCommerce Product Table Lite <= 2.4.0 - Reflected Cross-Site Scripting

Sep 27, 2021 Patched in 2.4.0 (848d)
Code Analysis
Analyzed Mar 16, 2026

Product Table and List Builder for WooCommerce Lite Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
12 prepared
Unescaped Output
704
208 escaped
Nonce Checks
5
Capability Checks
9
File Operations
2
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

92% prepared13 total queries

Output Escaping

23% escaped912 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

15 flows9 with unsanitized paths
wcpt_redirect_to_table_editor (main.php:302)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
15 unprotected

Product Table and List Builder for WooCommerce Lite Attack Surface

Entry Points21
Unprotected15

AJAX Handlers 18

authwp_ajax_wcpt_dismiss_name_change_noticemain.php:84
authwp_ajax_wcpt_save_table_settingsmain.php:475
authwp_ajax_wcpt_save_global_settingsmain.php:581
authwp_ajax_wcpt_ajaxmain.php:1907
noprivwp_ajax_wcpt_ajaxmain.php:1908
authwp_ajax_wcpt_add_to_cartmain.php:2296
noprivwp_ajax_wcpt_add_to_cartmain.php:2297
authwp_ajax_wcpt_cart_widgetmain.php:2361
noprivwp_ajax_wcpt_cart_widgetmain.php:2362
noprivwp_ajax_wcpt_get_cartmain.php:2384
authwp_ajax_wcpt_get_cartmain.php:2385
noprivwp_ajax_wcpt_get_product_form_modalmain.php:2877
authwp_ajax_wcpt_get_product_form_modalmain.php:2878
authwp_ajax_wcpt_get_termsmain.php:3657
authwp_ajax_wcpt_get_attribute_termsmain.php:5627
authwp_ajax_wcpt_cartmain.php:6095
noprivwp_ajax_wcpt_cartmain.php:6096
authwp_ajax_wcpt_reset_theme_settingstheme_customizer\theme_customizer.php:604

REST API Routes 1

GET/wp-json/wcpt_qv2/v1/terms/(?P<taxonomy_slug>[a-zA-Z0-9_-]+)query_editor_v2\query_editor_v2.php:663

Shortcodes 2

[product_table] main.php:2394
[product_table] templates\content.php:18
WordPress Hooks 110
filterwcpt_navigationclass-wc-shortcode-product-table.php:323
actionwoocommerce_product_is_visibleclass-wc-shortcode-product-table.php:433
actionadmin_noticesmain.php:32
actionadmin_noticesmain.php:46
actionplugins_loadedmain.php:228
actioninitmain.php:235
actionplugins_loadedmain.php:301
actionadmin_menumain.php:326
actionadmin_enqueue_scriptsmain.php:330
actionadmin_menumain.php:345
actionadmin_noticesmain.php:770
actionadmin_enqueue_scriptsmain.php:773
actionadmin_print_scriptsmain.php:851
actionwp_enqueue_scriptsmain.php:865
actionwp_footermain.php:928
actioninitmain.php:1870
actionwc_ajax_wcpt_ajaxmain.php:1906
actionadmin_bar_menumain.php:1958
filteroption_woocommerce_cart_redirect_after_addmain.php:2003
actionwp_loadedmain.php:2007
filterwoocommerce_add_errormain.php:2026
filterwoocommerce_add_errormain.php:2259
actionwc_ajax_wcpt_add_to_cartmain.php:2295
filterwcpt_element_markupmain.php:2858
actionwc_ajax_wcpt_get_product_form_modalmain.php:2876
filterwcpt_datamain.php:3332
filterwcpt_datamain.php:3383
filterwcpt_navigationmain.php:3573
filterterms_clausesmain.php:3757
actionadmin_footermain.php:4215
filterwcpt_query_argsmain.php:4298
filterwcpt_navigationmain.php:4340
filterwcpt_elementmain.php:4418
filterwcpt_element_markupmain.php:4442
filterwcpt_contentmain.php:4479
filterwcpt_excerptmain.php:4480
filterwcpt_excerptmain.php:4483
filterwcpt_shortcode_attributesmain.php:4501
filterwcpt_search_argsmain.php:4505
actionwp_enqueue_scriptsmain.php:4521
actionwcpt_before_loopmain.php:4531
filterwcpt_container_closemain.php:4536
filterimage_downsizemain.php:4542
actionwcpt_before_product_table_is_processedmain.php:4686
actionbefore_woocommerce_initmain.php:4714
actionwp_enqueue_scriptsmain.php:4844
filterwcpt_permitted_paramsmain.php:4853
filterwcpt_datamain.php:5058
filterwcpt_elementmain.php:5078
filterwp_speculation_rules_href_exclude_pathsmain.php:5133
filterwcpt_style_prop_valmain.php:5155
filterwcpt_container_html_classmain.php:5178
filterwcpt_query_argsmain.php:5283
actionpre_get_postsmain.php:5302
filterposts_searchmain.php:5332
filterget_search_querymain.php:5350
filteradmin_search_box_placeholdermain.php:5358
filterwcpt_datamain.php:5367
filtermanage_wc_product_table_posts_columnsmain.php:5501
actionmanage_wc_product_table_posts_custom_columnmain.php:5515
actionadmin_head-edit.phpmain.php:5540
filtermanage_edit-wc_product_table_sortable_columnsmain.php:5619
actionbefore_delete_postmain.php:5865
actionsave_postmain.php:5866
filterpost_row_actionsmain.php:5875
filterwcpt_settingsmain.php:5922
filterwcpt_settingsmain.php:6063
actionadmin_initmain.php:6080
actionwc_ajax_wcpt_cartmain.php:6094
filterwcpt_templatemain.php:6204
actionadmin_enqueue_scriptspresets\presets.php:2
actionadmin_initpresets\presets.php:76
actionadmin_initpresets\presets.php:110
actiontemplate_redirectpreview-form\preview-form.php:3
filtersingle_templatepreview-form\preview-form.php:39
actiontemplate_redirectpreview-form\preview-form.php:63
actionwp_enqueue_scriptspreview-form\preview-form.php:79
actionwp_headpreview-form\preview-form.php:103
filterthe_contentpreview-form\preview-form.php:114
filterbody_classpreview-form\preview-form.php:241
actionadmin_enqueue_scriptsquery_editor_v2\query_editor_v2.php:24
actionadmin_initquery_editor_v2\query_editor_v2.php:27
filterwcpt_dataquery_editor_v2\query_editor_v2.php:121
filterwcpt_dataquery_editor_v2\query_editor_v2.php:231
filterwcpt_before_parse_attributesquery_editor_v2\query_editor_v2.php:331
actionrest_api_initquery_editor_v2\query_editor_v2.php:662
filterwcpt_search__query_resultssearch.php:372
filterwcpt_before_apply_user_filterssearch.php:903
filterwcpt_style_prop_valstyle-functions.php:414
filterwcpt_elementstyle-functions.php:576
filterwcpt_parse_style_datastyle-functions.php:636
filterwcpt_elementstyle-functions.php:663
filterwcpt_elementstyle-functions.php:693
filterwcpt_elementstyle-functions.php:716
filterwcpt_datastyle-functions.php:741
filterwcpt_elementstyle-functions.php:771
filterwcpt_parse_style_column_cell_datastyle-functions.php:795
filterwcpt_datastyle-functions.php:809
filterwcpt_elementstyle-functions.php:833
filterwcpt_style_divisionstyle-functions.php:876
filterwcpt_navigationtemplates\price_filter.php:111
actioncustomize_controls_print_stylestheme_customizer\theme_customizer.php:53
actioncustomize_registertheme_customizer\theme_customizer.php:367
actioncustomize_controls_enqueue_scriptstheme_customizer\theme_customizer.php:444
actioncustomize_preview_inittheme_customizer\theme_customizer.php:507
actionwp_enqueue_scriptstheme_customizer\theme_customizer.php:538
actionwp_footertheme_customizer\theme_customizer.php:579
actionadmin_enqueue_scriptstheme_customizer\theme_customizer.php:614
filterthe_contenttheme_customizer\theme_customizer.php:682
filterwcpt_dataupdate.php:4

Scheduled Events 1

wcpt_cleanup_sessions
Maintenance & Trust

Product Table and List Builder for WooCommerce Lite Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 10, 2026
PHP min version7.4
Downloads285K

Community Trust

Rating98/100
Number of ratings250
Active installs10K
Alternatives

Product Table and List Builder for WooCommerce Lite Alternatives

Product Table for WooCommerce

Product Table for WooCommerce

woo-product-table

A
90

Helps you to display your products in a searchable table layout with filters.

6K 4 CVEs
Product Table For WooCommerce

Product Table For WooCommerce

product-table-for-woocommerce

A
96

WooCommerce Product Table plugin helps you to showcase the products in a table layout. Gone are those days where the default grid layouts ruled WooCom &hellip;

600 2 CVEs
Product Table for WooCommerce – Add Multiple Products to Cart

Product Table for WooCommerce – Add Multiple Products to Cart

multiple-products-to-cart-for-woocommerce

A
100

A truly lightweight EASY to use and super FAST WooCommerce product table solution to add multiple products to cart at once.

400 No CVEs
GroceryBuddy – Grocery Shop – Products Table – For WooCommerce

GroceryBuddy – Grocery Shop – Products Table – For WooCommerce

grocery-shop-grocerybuddy

A
92

GroceryBuddy WordPress plugin can convert your WooCommerce products to be ordered from single page Products table, Products Accordion. 

10 No CVEs
Responsive Product Table for WooCommerce and Elementor

Responsive Product Table for WooCommerce and Elementor

product-table-for-elementor

A
100

Display your WooCommerce products in an intuitive table layout.

10 No CVEs
Developer Profile

Product Table and List Builder for WooCommerce Lite Developer Profile

WC Product Table

1 plugin · 10K total installs

71
trust score
Avg Security Score
88/100
Avg Patch Time
106 days
View full developer profile
Detection Fingerprints

How We Detect Product Table and List Builder for WooCommerce Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-product-table-lite/assets/css/frontend.css/wp-content/plugins/wc-product-table-lite/assets/css/style.css/wp-content/plugins/wc-product-table-lite/assets/js/frontend.js/wp-content/plugins/wc-product-table-lite/assets/js/wc-product-table-lite.js
Script Paths
/wp-content/plugins/wc-product-table-lite/assets/js/frontend.js/wp-content/plugins/wc-product-table-lite/assets/js/wc-product-table-lite.js
Version Parameters
wc-product-table-lite/assets/css/frontend.css?ver=wc-product-table-lite/assets/css/style.css?ver=wc-product-table-lite/assets/js/frontend.js?ver=wc-product-table-lite/assets/js/wc-product-table-lite.js?ver=

HTML / DOM Fingerprints

CSS Classes
wcpt-frontend-wrapperwcpt-table-bodywcpt-table-headerwcpt-table-rowwcpt-cart-widgetwcpt-modal
HTML Comments
<!-- WCPT_DEV --><!-- Only show notice for versions below 4.8.0 --><!-- Check if notice was already dismissed --><!-- Ajax handler to dismiss the notice -->+3 more
Data Attributes
data-wcpt-settingsdata-wcpt-table-id
JS Globals
wcpt_ajax_urlwcpt_plugin_urlwcpt_settings_dataWCPT_VERSIONWCPT_TEXT_DOMAIN
Shortcode Output
[wc_product_table[wc_product_list
FAQ

Frequently Asked Questions about Product Table and List Builder for WooCommerce Lite