WordPress Plugin Vulnerabilities

ShopLentor < 2.5.4 - PHP Object Injection

Description

The plugin unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.

Affects Plugins

Plugin icon
woolentor-addons
Fixed in 2.5.4

References

CVE
CVE-2023-0232
URL
https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.php

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
WPScan
Verified
Yes
WPVDB ID
1885a708-0e8a-4f4c-8e26-069bebe9a518

Timeline

Publicly Published
2023-01-28 (about 1 years ago)
Added
2023-01-28 (about 1 years ago)
Last Updated
2023-01-28 (about 1 years ago)

Other

Published
Title
Published
2022-11-17
Title
Betheme < 26.6 - Subscriber+ PHP Object Injection
Published
2017-04-27
Title
My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection
Published
2023-09-21
Title
Enable Media Replace < 4.1.3 - Author+ PHP Object Injection
Published
2024-04-03
Title
Modal Popup Box – Popup Builder, Show Offers And News in Popup < 1.5.3 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode
Published
2024-05-03
Title
ConvertPlug < 3.5.26 - Authenticated (Contributor+) PHP Object Injection