Lucene search

PatchstackCVELIST:CVE-2023-49777

HistoryDec 31, 2023 - 10:11 a.m.

CVE-2023-49777 WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.3.0 is vulnerable to PHP Object Injection

2023-12-3110:11:30

CWE-502

Patchstack

www.cve.org

wordpress

woocommerce

product add-ons

php

object injection

vulnerability

deserialization

yith

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "yith-woocommerce-product-add-ons",
    "product": "YITH WooCommerce Product Add-Ons",
    "vendor": "YITH",
    "versions": [
      {
        "changes": [
          {
            "at": "4.3.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.3.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/yith-woocommerce-product-add-ons/wordpress-yith-woocommerce-product-add-ons-extra-options-plugin-4-3-0-php-object-injection-vulnerability?_s_id=cve

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

Related for CVELIST:CVE-2023-49777