WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

UltimateWoo <= 0.1.10 - PHP Object Injection

Description

The plugin is using an outdated library which is affected by a PHP Object Injection issue

Affects Plugins

ultimatewoo
No known fix - plugin closed

References

URL
https://plugins.trac.wordpress.org/browser/ultimatewoo/trunk/modules/social-login/lib/opauth/lib/Opauth/Opauth.php#L235
URL
https://plugins.trac.wordpress.org/browser/ultimatewoo/trunk/modules/social-login/lib/opauth/lib/Opauth/Opauth.php#L238

Classification

Type

OBJECT INJECTION

OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID
3d689de8-3c0c-49f0-a697-39a6dab52022

Timeline

Publicly Published

2021-05-07 (about 1 years ago)

Added

2021-05-07 (about 1 years ago)

Last Updated

2021-05-07 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin