Carts Guru <= 1.4.4 - Unauthenticated Object Injection

Affects Plugin

fixed in version 1.4.6

References

CVE 2019-12241
URL http://dumpco.re/bugs/wp-plugin-carts-guru-id

Classification

Type OBJECTINJECTION
OWASP Top 10 A8: Insecure Deserialization
CWE CWE-502

Miscellaneous

Original Researcher Magnus K. Stubman ‏
Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Views 3753
Verified No
WPVDB ID 9292

Timeline

Publicly Published 2019-05-07 (5 months ago)
Added 2019-05-27 (4 months ago)
Last Updated 2019-06-01 (4 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin