Overview
- Description: The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 8.1
- Impact score: 5.9
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Weaknesses
- security@wordfence.com: CWE-502
Social media
- Hype score: Not currently trending
🚨 CVE-2024-10828 (Published: 2024-11-13) - A critical vulnerability in WooCommerce affects versions of Woo Order Export Lite. Ensure your plugin is updated to the latest version to mitigate risks. Check the details here: https://t.co/gGlO9Sy0lV #WooCommerce #Security
@transilienceai
13 Nov 2024
🚨 CVE-2024-10828 (Published: 2024-11-13) - High severity vulnerability in WooCommerce. Affects versions of Woo Order Export Lite. 🛠️ Remediation: Update to the latest version to mitigate risks. For more details, check the code here: https://t.co/xb3hgqg5CO #WooCommerce #Securit
@transilienceai
13 Nov 2024
🚨 CVE-2024-10828 (Published: 2024-11-13) - A high-severity vulnerability in WooCommerce affects versions of Woo Order Export Lite. 🛡️ Remediation is crucial! Ensure you update to the latest version to protect your site. For details, check the code here: https://t.co/xb3hgqg5CO…
@transilienceai
13 Nov 2024