Lucene search
Veracode Vulnerability DatabaseVERACODE:13240HistoryJan 16, 2019 - 7:09 a.m.
Object Injection
2019-01-1607:09:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
0.001 Low
EPSS
Percentile
40.9%
woocommerce/woocommerce is susceptible to PHP object injection attack. It allows an attacker to access an account with shop manager privilege just by querying products by shortcode via the function WC_Shortcode_Products::get_products() from includes/shortcodes/class-wc-shortcode-products.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| woocommerce/woocommerce | le | 3.2.3 |
Related
openvas
openvas
WordPress WooCommerce Plugin Privilege Escalation Vulnerability - Windows
2019-01-16 00:00:00
WordPress WooCommerce Plugin < 3.2.4 Privilege Escalation Vulnerability
2019-01-16 00:00:00
osv
osv
CVE-2017-18356
2019-01-15 16:29:00
cve
cve
CVE-2017-18356
2019-01-15 16:29:00
wpvulndb
wpvulndb
WooCommerce <= 3.2.3 - Authenticated PHP Object Injection
2017-11-16 00:00:00
nvd
nvd
CVE-2017-18356
2019-01-15 16:29:00
prion
prion
Design/Logic Flaw
2019-01-15 16:29:00
cvelist
cvelist
CVE-2017-18356
2019-01-15 16:00:00