WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection
CVE-2023-32795

8.2HIGH

Key Information:

Vendor

WordPress
Status
Product Add-ons
Vendor
CVE Published:
28 December 2023

What is CVE-2023-32795?

A deserialization vulnerability has been discovered in the WooCommerce Product Add-Ons plugin, which may allow an attacker to exploit untrusted data. This issue can lead to PHP object injection, potentially compromising site security and user data integrity. Affected versions range from unspecified up to 6.1.3, making it essential for site administrators to update their plugins to mitigate associated risks.

Affected Version(s)

Product Add-Ons <= 6.1.3

References

https://patchstack.com/database/vulnerability/woocommerce...
vdb-entry

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
.