WordPress Plugin Vulnerabilities

Ecwid Ecommerce Shopping Cart <= 4.4.3 - Unauthenticated PHP Object Injection

Description

The Ecwid Ecommerce Shopping Cart WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability.

Affects Plugins

Plugin icon
ecwid-shopping-cart
Fixed in 4.4.4

References

URL
https://sumofpwn.nl/advisory/2016/ecwid_ecommerce_shopping_cart_wordpress_plugin_unauthenticated_php_object_injection_vulnerability.html
URL
https://seclists.org/fulldisclosure/2016/Aug/29

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
fd914881-07a2-4e11-a880-c6cb8a716288

Timeline

Publicly Published
2016-08-08 (about 9 years ago)
Added
2016-08-08 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-09-23
Title
Addison < 1.4.8 - Unauthenticated PHP Object Injection
Published
2025-09-22
Title
Awesome Support < 6.3.6 - Authenticated (Support Manager+) PHP Object Injection
Published
2026-03-18
Title
Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 1.1.1 - Unauthenticated PHP Object Injection
Published
2025-08-17
Title
Simple Login Log < 2.0.0 - Authenticated (Administrator+) PHP Object Injection
Published
2024-11-13
Title
AJAX Random Posts <= 0.3.3 - Unauthenticated PHP Object Injection