ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WooCommerce plugin <= 3.4.4 - Potential Object Injection vulnerability

Product
WooCommerce
Description
According to WooCommerce, versions, 3.4.4 and earlier are affected by an issue where a function that updates attributes could lead to object injection, related to the WordPress 4.8.3 security release.
Solution
Update the WordPress WooCommerce plugin to the latest available version (at least 3.4.5).
Classification
Type Unknown
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 3.4.4
Fixed In 3.4.5
Disclosure date
2018-09-01
Credits
WooCommerce
Submitter
ThreatPress