Lucene search
WPScanCVE-2023-0232HistoryFeb 21, 2023 - 9:15 a.m.
CVE-2023-0232
2023-02-2109:15:12
WPScan
web.nvd.nist.gov
36
shoplentor
wordpress
plugin
2.5.4
php
object injection
cookies
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.002
Percentile
60.0%
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.
Affected configurations
Node
hasthemesshoplentorRange<2.5.4wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hasthemes | shoplentor | * | cpe:2.3:a:hasthemes:shoplentor:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "ShopLentor",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.5.4"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
ShopLentor < 2.5.4 - PHP Object Injection
2023-01-28 00:00:00
nvd
nvd
CVE-2023-0232
2023-02-21 09:15:12
cvelist
cvelist
CVE-2023-0232 ShopLentor < 2.5.4 - PHP Object Injection
2023-02-21 08:51:02
prion
prion
Design/Logic Flaw
2023-02-21 09:15:00
openvas
openvas
WordPress ShopLentor Plugin < 2.5.4 Multiple Vulnerabilities
2023-02-28 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.002
Percentile
60.0%
Related for CVE-2023-0232