Lucene search
Ethicalhack3rWPVDB-ID:1D0470DF-4671-47AC-8D87-A165E8F7D502HistoryNov 16, 2017 - 12:00 a.m.
WooCommerce <= 3.2.3 - Authenticated PHP Object Injection
2017-11-1600:00:00
ethicalhack3r
wpscan.com
12
0.001 Low
EPSS
Percentile
40.9%
Versions 3.2.3 and earlier are affected by an issue where cached queries within shortcodes could lead to object injection. This is related to the recent WordPress 4.8.3 security release. This issue can only be exploited by users who can edit content and add shortcodes, but we still recommend all users running WooCommerce 3.x upgrade to 3.2 to mitigate this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| woocommerce | lt | 3.2.4 |
Related
openvas
openvas
WordPress WooCommerce Plugin Privilege Escalation Vulnerability - Windows
2019-01-16 00:00:00
WordPress WooCommerce Plugin < 3.2.4 Privilege Escalation Vulnerability
2019-01-16 00:00:00
osv
osv
CVE-2017-18356
2019-01-15 16:29:00
cve
cve
CVE-2017-18356
2019-01-15 16:29:00
veracode
veracode
Object Injection
2019-01-16 07:09:47
nvd
nvd
CVE-2017-18356
2019-01-15 16:29:00
prion
prion
Design/Logic Flaw
2019-01-15 16:29:00
cvelist
cvelist
CVE-2017-18356
2019-01-15 16:00:00