CVE-2023-5952

Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection

EPSS 1.3%

The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog

Affected products

Unknown · Welcart e-Commerce

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7