WordPress Plugin Vulnerabilities

Carts Guru < 1.4.6 - Unauthenticated Object Injection

Description

The Carts Guru WordPress plugin was affected by an Unauthenticated Object Injection security vulnerability.

Affects Plugins

Plugin icon
carts-guru
Fixed in 1.4.6

References

CVE
CVE-2019-12241
URL
http://dumpco.re/bugs/wp-plugin-carts-guru-id

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Magnus K. Stubman ‏
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
54c30608-82df-41e1-8fdd-077cd7f3796a

Timeline

Publicly Published
2019-05-07 (about 7 years ago)
Added
2019-05-27 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-09-04
Title
Single Property <= 2.8 - Authenticated (Subscriber+) PHP Object Injection
Published
2024-03-27
Title
Meta Tag Manager < 3.1 - Subscriber+ PHP Object Injection
Published
2023-01-28
Title
ShopLentor < 2.5.4 - PHP Object Injection
Published
2025-05-21
Title
Pet World <= 2.8 - Authenticated (Subscriber+) PHP Object Injection
Published
2025-04-10
Title
TableOn – WordPress Posts Table Filterable < 1.0.4.4 - Unauthenticated PHP Object Injection