WordPress Ultimate Product Catalog plugin <= 4.2.24 - PHP Object Injection
A vulnerability exists in UPCPAddToCart function. There the cookie is unserialized which means an attacker can create a malicious user input to create a PHP object injection. Solution Update the plugin...