WordPress Plugin Vulnerabilities

Welcart e-Commerce < 1.8.3 - PHP Object Injection

Description

The Welcart e-Commerce WordPress plugin was affected by a PHP Object Injection security vulnerability.

Affects Plugins

Plugin icon
usc-e-shop
Fixed in 1.8.3

References

CVE
CVE-2016-4825
URL
http://www.welcart.com/community/archives/78977
URL
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000115.html

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
5.6 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
d5177bf2-1660-4cb9-9444-f439474d700a

Timeline

Publicly Published
2016-06-24 (about 9 years ago)
Added
2016-06-27 (about 9 years ago)
Last Updated
2020-12-10 (about 5 years ago)

Other

Published
Title
Published
2024-04-10
Title
WordPress Geo Controller < 8.6.5 - PHP Object Injection
Published
2026-03-23
Title
Ricky < 2.31 - Unauthenticated PHP Object Injection
Published
2021-08-02
Title
Bold Page Builder < 3.1.6 - PHP Object Injection
Published
2025-08-19
Title
Redirection for Contact Form 7 < 3.2.5 - Unauthenticated PHP Object Injection via PHAR Deserialization
Published
2026-01-27
Title
PhotoMe <= 5.6.11 - Unauthenticated PHP Object Injection