Lucene search

PatchstackCVELIST:CVE-2023-32795

HistoryDec 28, 2023 - 10:43 a.m.

CVE-2023-32795 WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection

2023-12-2810:43:07

CWE-502

Patchstack

www.cve.org

wordpress

woocommerce

product add-ons

php object injection

deserialization

untrusted data

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Product Add-Ons",
    "vendor": "WooCommerce",
    "versions": [
      {
        "changes": [
          {
            "at": "6.2.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.1.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woocommerce-product-addons/wordpress-woocommerce-product-add-ons-plugin-6-1-3-authenticated-php-object-injection-vulnerability?_s_id=cve

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

Related for CVELIST:CVE-2023-32795