PHP Object Injection Vulnerability in Welcart e-Commerce Plugin for WordPress
CVE-2016-4825

5.6 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 25 June 2016

Summary

The Welcart e-Commerce plugin for WordPress, in versions prior to 1.8.3, is vulnerable to PHP object injection. A remote attacker can submit crafted serialized data that, once processed by the plugin, can lead to execution of arbitrary PHP code on the hosting server. Update the plugin to the latest version to mitigate potential exploits and protect e-commerce operations.

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
