WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection
CVE-2023-32795

8.2HIGH

Key Information:

Vendor: WordPress
Status: Product Add-ons
Vendor: CVE Published:; 28 December 2023

What is CVE-2023-32795?

A deserialization vulnerability has been discovered in the WooCommerce Product Add-Ons plugin, which may allow an attacker to exploit untrusted data. This issue can lead to PHP object injection, potentially compromising site security and user data integrity. Affected versions range from unspecified up to 6.1.3, making it essential for site administrators to update their plugins to mitigate associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Product Add-Ons <= 6.1.3

References

https://patchstack.com/database/vulnerability/woocommerce...

vdb-entry

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 28, 2023
Vulnerability Reserved
May 15, 2023

Credit

Rafie Muhammad (Patchstack)

JSON

WordPress