WooCommerce <= 3.2.3 - Authenticated PHP Object Injection

Description
"Versions 3.2.3 and earlier are affected by an issue where cached queries within shortcodes could lead to object injection. This is related to the recent WordPress 4.8.3 security release.

This issue can only be exploited by users who can edit content and add shortcodes, but we still recommend all users running WooCommerce 3.x upgrade to 3.2 to mitigate this issue."

Affects Plugin

Fixed in version 3.2.4

References

URL https://woocommerce.wordpress.com/2017/11/16/woocommerce-3-2-4-security-fix-release-notes/
URL https://blog.ripstech.com/2018/woocommerce-php-object-injection/

Classification

Type OBJECTINJECTION

Miscellaneous

Submitter ethicalhack3r
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 1096
Verified No
WPVDB ID 9028

Timeline

Publicly Published 2017-11-16 (7 months ago)
Added 2018-02-23 (4 months ago)
Last Updated 2018-04-12 (2 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes; however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license, please contact us.