WordPress Welcart e-Commerce plugin <= 1.9.35 - Authenticated PHP Object Injection vulnerability

2020-11-0500:00:00

Ramuel Gall

patchstack.com

0.001 Low

EPSS

Percentile

40.7%

Authenticated PHP Object Injection vulnerability found by Ramuel Gall in WordPress Welcart e-Commerce plugin (versions <= 1.9.35).

Solution

           Update the WordPress Welcart e-Commerce plugin to the latest available version (at least 1.9.36).

CPENameOperatorVersion
welcart e-commercele1.9.35

CPE	Name	Operator	Version
	welcart e-commerce	le	1.9.35

wordpress.org/plugins/usc-e-shop/#developers

www.wordfence.com/blog/2020/11/object-injection-vulnerability-in-welcart-e-commerce-plugin/

0.001 Low

EPSS

Percentile

40.7%

Related for PATCHSTACK:937869824EF028BB2B734974F73C09C1