← back
CVE-2023-0232

ShopLentor < 2.5.4 - PHP Object Injection

CVSS 9.8 CRITICALEPSS 3.3%
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Unknown · ShopLentor
public PoCs found1
cve_referencewpscan.com/vulnerability/1885a708-0e8a-4f4c-8e26-069bebe9a518unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.phphttps://wpscan.com/vulnerability/1885a708-0e8a-4f4c-8e26-069bebe9a518