← back
CVE-2023-5952

Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection

EPSS 1.3%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Dec 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog
Affected products
Unknown · Welcart e-Commerce

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7