woocommerce/woocommerce is susceptible to PHP object injection attack. It allows an attacker to access an account with shop manager privilege just by querying products by shortcode via the function WC_Shortcode_Products::get_products()
from includes/shortcodes/class-wc-shortcode-products.php
.
CPE | Name | Operator | Version |
---|---|---|---|
woocommerce/woocommerce | le | 3.2.3 |