Ecwid Ecommerce Shopping Cart <= 4.4.3 - Unauthenticated PHP Object Injection

Affects Plugin

fixed in version 4.4.4

References

URL https://sumofpwn.nl/advisory/2016/ecwid_ecommerce_shopping_cart_wordpress_plugin_unauthenticated_php_object_injection_vulnerability.html
URL https://seclists.org/fulldisclosure/2016/Aug/29

Classification

Type OBJECTINJECTION
OWASP Top 10 A8: Insecure Deserialization
CWE CWE-502

Miscellaneous

Submitter pvdl
Views 6778
Verified No
WPVDB ID 8588

Timeline

Publicly Published 2016-08-08 (almost 4 years ago)
Added 2016-08-08 (almost 4 years ago)
Last Updated 2019-11-01 (9 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin