Lucene search

PatchstackCVELIST:CVE-2023-52218

HistoryJan 08, 2024 - 5:34 p.m.

CVE-2023-52218 WordPress WooCommerce Tranzila Gateway Plugin <= 1.0.8 is vulnerable to PHP Object Injection

2024-01-0817:34:19

CWE-502

Patchstack

www.cve.org

wordpress

woocommerce

tranzila

gateway

plugin

php object injection

vulnerability

anton bond

payment gateway

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

31.1%

JSON

Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway.This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woo-tranzila-gateway",
    "product": "Woocommerce Tranzila Payment Gateway",
    "vendor": "Anton Bond",
    "versions": [
      {
        "lessThanOrEqual": "1.0.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woo-tranzila-gateway/wordpress-woocommerce-tranzila-gateway-plugin-1-0-8-unauthenticated-php-object-injection-vulnerability?_s_id=cve

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

31.1%

JSON

Related for CVELIST:CVE-2023-52218