The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
To simulate a gadget chain, put the following code in a plugin class Evil { public function __wakeup() : void { die(“Arbitrary deserialization”); } } Then import the following payload via WooCommerce > Checkout Form > Advanced Settings > Backup and Import Settings: Tzo0OiJFdmlsIjowOnt9Ow== Tzo0OiJFdmlsIjowOnt9Ow== being the base64 encode of serialized object: O:4:“Evil”:0:{};
CPE | Name | Operator | Version |
---|---|---|---|
woo-checkout-field-editor-pro | lt | 1.8.0 |