Object Injection Vulnerability in WC Price History for Omnibus by Konrad Karpieszuk
CVE-2025-22510
7.2HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 January 2025
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2025-22510?
A deserialization vulnerability exists in the WC Price History for Omnibus plugin by Konrad Karpieszuk, allowing for object injection attacks. This vulnerability affects versions from n/a through 2.1.4, potentially enabling unauthorized execution of code and data manipulation within the application.
Affected Version(s)
WC Price History for Omnibus 0 <= 2.1.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.