ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Shoppable Images Lite plugin <=1.0.0 - Cross-Site Request Forgery (CSRF)/PHP Object Injection Vulnerabilities

Product
Shoppable Images Lite
Description
WordPress Shoppable Images Lite plugin Cross-Site Request Forgery (CSRF)/PHP Object Injection Vulnerabilities were found in the show_admin_notices function. The value of $_GET nonce variable is unserialized, which allows PHP object injection.
Solution
Update the plugin.
Classification
Type Multi
References
Pluginvulnerabilities
Changelog
CVE
Name CVE-N/A
Versions
Affected In <= 1.0.0
Fixed In 1.0.1
Disclosure date
2017-09-25
Credits
pluginvulnerabilities