ThreatPress

WordPress Vulnerability Database

Back

WordPress Welcart e-Commerce plugin <= 1.9.35 - Authenticated PHP Object Injection vulnerability

Product
Welcart e-Commerce
Description
Authenticated PHP Object Injection vulnerability found by Ramuel Gall in WordPress Welcart e-Commerce plugin (versions <= 1.9.35).
Solution
Update the WordPress Welcart e-Commerce plugin to the latest available version (at least 1.9.36).
Classification
Type PHP Object Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
Vulnerability details
CVE
Name CVE-2020-28339
Versions
Affected In <= 1.9.35
Fixed In 1.9.36
Disclosure date
2020-11-05
Credits
Ramuel Gall