Design/Logic Flaw

2020-11-0719:15:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.8%

JSON

The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.

CPENameOperatorVersion
welcart_e-commercelt1.9.36

CPE	Name	Operator	Version
	welcart_e-commerce	lt	1.9.36

References

wordpress.org/plugins/usc-e-shop/

www.wordfence.com/blog/2020/11/object-injection-vulnerability-in-welcart-e-commerce-plugin/