WooCommerce <= 3.4.5 - Authenticated Object Injection
According to WooCommerce: "Versions 3.4.5 and earlier are affected by a handful of issues that allow Shop Managers to exceed their capabilities and perform malicious actions. These issues can be exploited by users with Shop Manager capabilities or greater, and we recommend all users running WooCommerce 3.x upgrade to 3.4.6 to mitigate them. Thanks to Simon Scannell, Karim, and Slavco for reporting the issues." See references for PoC and further technical details.
fixed in version 3.4.6
|Publicly Published||2018-10-11 (9 months ago)|
|Added||2018-10-19 (9 months ago)|
|Last Updated||2018-10-19 (9 months ago)|