CVE-2025-39602 identifies a Missing Authorization vulnerability in the WooCommerce Product Table Lite plugin, specifically versions up to and including 3.9.5. The vulnerability arises from improperly configured access control mechanisms within the plugin, which is designed to display product tables on WooCommerce-powered WordPress sites. Due to this misconfiguration, unauthorized users may bypass intended authorization checks, potentially gaining access to sensitive product data or performing unauthorized actions within the product table interface. This could include viewing restricted product information or manipulating product listings without proper permissions. The vulnerability does not require prior authentication or user interaction, increasing its risk profile. Although no known exploits have been reported in the wild, the flaw's presence in a popular e-commerce plugin makes it a significant concern. The lack of a CVSS score indicates that the vulnerability is newly discovered and pending detailed scoring. The issue affects all versions up to 3.9.5, and no official patches or mitigation links have been published yet. The vulnerability was publicly disclosed on April 16, 2025, by Patchstack, a recognized vulnerability database and security vendor. Organizations using WooCommerce Product Table Lite should prioritize assessing their exposure and prepare to apply patches or mitigations once available.

The primary impact of CVE-2025-39602 is unauthorized access to or manipulation of product table data within WooCommerce-powered e-commerce sites. This can lead to confidentiality breaches where sensitive product information is exposed to unauthorized parties. Integrity may also be compromised if attackers modify product listings, prices, or availability, potentially causing financial loss or reputational damage. Availability impact is less direct but could occur if attackers disrupt product table functionality. Given WooCommerce's widespread use in online retail, exploitation could affect numerous organizations globally, especially small to medium-sized businesses relying on this plugin for product display. The vulnerability's ease of exploitation without authentication increases risk, potentially enabling automated attacks or mass exploitation attempts. While no active exploits are known, the vulnerability could be leveraged in targeted attacks against e-commerce platforms, supply chain disruptions, or fraud schemes. Organizations failing to address this vulnerability may face regulatory compliance issues related to data protection and consumer trust.

1. Monitor official WooCommerce Product Table Lite channels and Patchstack for the release of security patches addressing CVE-2025-39602 and apply updates promptly. 2. Until patches are available, restrict access to the product table functionality by limiting user roles and permissions to trusted administrators only. 3. Implement web application firewall (WAF) rules to detect and block suspicious requests targeting the product table endpoints. 4. Conduct a thorough review of access control configurations within the WordPress environment and WooCommerce settings to ensure least privilege principles are enforced. 5. Consider temporarily disabling or replacing the WooCommerce Product Table Lite plugin with alternative solutions that do not exhibit this vulnerability. 6. Monitor logs for unusual access patterns or unauthorized attempts to interact with product tables. 7. Educate site administrators on the risks associated with plugin vulnerabilities and the importance of timely updates. 8. Employ network segmentation and application-layer protections to reduce the attack surface exposed to external actors.