CNVD-2022-85332
Source: China National Vulnerability Database (CNVD)
History: Nov 30, 2022 - 12:00 a.m.

WordPress Checkout Field Editor for WooCommerce plugin deserialization vulnerability

2022-11-30 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
Tags: wordpress, woocommerce, php, deserialization, vulnerability, user variables, high privilege, php object injection, wordpress foundation

EPSS: 0.001 (Low)
Percentile: 43.1%

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The WordPress plugin is an application plugin. The WooCommerce WordPress plugin Checkout Field Editor (Checkout Manager), version 1.8.0 or earlier, has a deserialization vulnerability. It stems from the plugin taking serialized variables that the user enters through the settings and converting them back into PHP values. An attacker with a high-privilege user (such as an administrator) could exploit the vulnerability to conduct a PHP object injection attack.
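The class of flaw described above, shown as an added example that is not the plugin's code: an unrestricted `unserialize()` of a stored settings value beside a hardened decoder that instantiates no classes and rejects objects. The function names, the `WakeupProbe` class and the sample settings are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not the plugin's code; every name here is hypothetical.
class WakeupProbe // constructed stand-in for any class with a magic method
{
    public static int $wakeups = 0;
    public function __wakeup(): void { self::$wakeups++; }
}

// Pattern the advisory describes: settings text unserialized with no class limit.
function decode_setting_unsafe(string $raw)
{
    return unserialize($raw);
}

// True when an object appears anywhere in the decoded value, nested arrays included.
function contains_object($value): bool
{
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    foreach (is_array($value) ? $value : [] as $item) {
        if (contains_object($item)) {
            return true;
        }
    }
    return false;
}

// Hardened form: instantiate no classes and reject any object outright.
function decode_setting_safe(string $raw)
{
    $value = @unserialize($raw, ['allowed_classes' => false]);
    if ($value === false && $raw !== 'b:0;') {
        throw new InvalidArgumentException('malformed serialized setting');
    }
    if (contains_object($value)) {
        throw new InvalidArgumentException('objects are not accepted in settings');
    }
    return $value;
}
$plain  = serialize(['label' => 'Phone', 'required' => true]); // constructed
$object = serialize(['label' => new WakeupProbe()]);           // constructed
decode_setting_unsafe($object); // magic method runs during decoding
echo 'wakeups after unsafe decode: ', WakeupProbe::$wakeups, "\n";
var_dump(decode_setting_safe($plain));
try {
    decode_setting_safe($object);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo 'wakeups after safe decode: ', WakeupProbe::$wakeups, "\n";
```

Settings that only ever hold arrays and scalars can avoid the problem entirely by being stored as JSON, which has no object-instantiation path.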
