How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection

Description

The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present

Proof of Concept

To simulate a gadget chain, put the following code in a plugin

class Evil {
  public function __wakeup() : void {
    die("Arbitrary deserialization");
  }
}

Then import the following payload via WooCommerce > Checkout Form > Advanced Settings > Backup and Import Settings: Tzo0OiJFdmlsIjowOnt9Ow==

Tzo0OiJFdmlsIjowOnt9Ow== being the base64 encode of serialized object: O:4:"Evil":0:{};

Affects Plugins

woo-checkout-field-editor-pro

Fixed in version 1.8.0

References

CVE

Classification

Type

OBJECT INJECTION

OWASP top 10

A8: Insecure Deserialization

CWE

Miscellaneous

Original Researcher

Nguyen Duy Quoc Khanh

Submitter

Nguyen Duy Quoc Khanh

Submitter twitter

Verified

Yes

WPVDB ID

0c9f22e0-1d46-4957-9ba5-5cca78861136

Timeline

Publicly Published

2022-11-07 (about 4 months ago)

Added

2022-11-07 (about 4 months ago)

Last Updated

2022-11-07 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin