CVE-2023-5952

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.7%
top 28.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Welcart E-commerceWelcart Welcart E-commerce
Timeline
PublishedDec 4
Latest updateDec 5

Description

The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5unknown/welcart_e-commerce< 2.9.5

🔴Vulnerability Details

2
GHSA
GHSA-55r4-r6gc-57rx: The Welcart e-Commerce WordPress plugin before 22023-12-05
CVEList
Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection2023-12-04
CVE-2023-5952 (CRITICAL CVSS 9.8) | The Welcart e-Commerce WordPress pl | cvebase.io