Lucene search

PatchstackCVELIST:CVE-2023-34382

HistoryDec 19, 2023 - 7:40 p.m.

CVE-2023-34382 WordPress Dokan Plugin <= 3.7.19 is vulnerable to PHP Object Injection

2023-12-1919:40:58

CWE-502

Patchstack

www.cve.org

wordpress

dokan plugin

php object injection

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "dokan-lite",
    "product": "Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy",
    "vendor": "weDevs",
    "versions": [
      {
        "changes": [
          {
            "at": "3.7.20",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.7.19",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/dokan-lite/wordpress-dokan-plugin-3-7-19-php-object-injection-vulnerability?_s_id=cve

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

Related for CVELIST:CVE-2023-34382