WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The WooCommerce WordPress plugin Checkout Field Editor (Checkout Manager) version 1.8.0 or earlier is vulnerable to a deserialization vulnerability, which stems from the fact that the plugin can operate on variables entered by the user through the settings that have been Serialized variables can be manipulated to convert them back to PHP values. An attacker with a high privilege user (such as an administrator) could exploit the vulnerability to conduct a PHP object injection attack.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress checkout field editor for woocommerce plugin | lt | 1.8.0 |