Welcart e-Commerce < 2.9.6 – Admin+ PHP Object Injection | Plugin Vulnerabilities

Description

The plugin is vulnerable to PHP Object Injection in all versions up to 2.9.5 (inclusive) via deserialization of untrusted input in the welcart_confirm_check_ajax function. This makes it possible for administrators to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Affects Plugins

Fixed in 2.9.6

References

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/91f86c22-94db-4c43-985a-2f3dd96ece21

Classification

Type

OBJECT INJECTION

OWASP top 10

A8: Insecure Deserialization

CWE

CVSS

Miscellaneous

Verified

No

WPVDB ID

de991b08-d234-4ca4-87ef-0beb8a6a0c31

Timeline

Publicly Published

2023-11-15 (about 2 years ago)

Added

2024-01-17 (about 2 years ago)

Last Updated

2024-01-17 (about 2 years ago)

Other

Published

Title

Published

2024-03-05

Title

Product Carousel Slider & Grid Ultimate for WooCommerce < 1.9.8 - Authenticated(Contributor+) PHP Object Injection

Published

2024-08-16

Title

myCred < 2.7.3 - Unauthenticated PHP Object Injection

Published

2025-05-12

Title

WPFunnels < 3.5.19 - Unauthenticated PHP Object Injection

Published

2026-03-03

Title

Solaris <= 2.5 - Unauthenticated PHP Object Injection

Published

2025-02-24

Title

ADFO – Custom data in admin dashboard <= 1.9.1 - Authenticated (Admin+) PHP Object Injection