MarketPress <= 3.2.6 - PHP Object Injection
Sign up to our free email alerts service for instant vulnerability notifications!Description | The MarketPress plugin (installs to a directory named wordpress-ecommerce) versions 3.2.6 and prior are vulnerable to a PHP Object Injection attack from the cart cookie value stored in connection with this plugin. |
Proof of Concept |
|
Affects Plugin
fixed in version 3.2.7
|
References
URL | https://premium.wpmudev.org/project/e-commerce/ |
URL | https://plugins.trac.wordpress.org/changeset/1735475/wordpress-ecommerce |
Classification
Type | OBJECTINJECTION |
Miscellaneous
Submitter | Robert R |
Submitter Website | https://pagely.com |
Submitter Twitter | @iamlei |
Views | 186 |
Verified | No |
WPVDB ID | 8917 |
Timeline
Publicly Published | 2017-10-01 (7 months ago) |
Added | 2017-09-28 (7 months ago) |
Last Updated | 2018-04-12 (8 days ago) |
Copyright & License
Copyright | All data and resources contained within this page and this web site is Copyright © The WPScan Team. |
License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |