WooCommerce <= 3.4.4 - Potential Object Injection



Description
According to WooCommerce:

"Versions 3.4.4 and earlier are affected by an issue where a function that updates attributes could lead to object injection. This is related to the WordPress 4.8.3 security release.

This issue can only be exploited by users who can edit attributes and should not be possible to exploit through the WordPress administrative screens, but we still recommend all users running WooCommerce 3.x upgrade to 3.4.5 to mitigate this issue. Thanks to slavco for responsibly disclosing the vulnerability to us."

Affects Plugin

fixed in version 3.4.5

References

URL https://woocommerce.wordpress.com/2018/08/29/woocommerce-3-4-5-security-fix-release-notes/

Classification

Type OBJECTINJECTION

Miscellaneous

Submitter Ryan Dewhurst
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 4400
Verified No
WPVDB ID 9120

Timeline

Publicly Published 2018-08-29 (23 days ago)
Added 2018-08-30 (22 days ago)
Last Updated 2018-08-30 (22 days ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.