CVE-2024-12721 – WooCommerce Custom Product Tabs PHP Object Injection Vulnerability

12月 21, 2024
8:16 am

CVE ID : CVE-2024-12721

Published : Dec. 21, 2024, 7:15 a.m. | 1 hour, 1 minute ago

Description : The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the ‘wb_custom_tabs’ parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12721 – WooCommerce Custom Product Tabs PHP Object Injection Vulnerability

Elvescore.io

Recent Posts

CVE-2024-12884 – Codezips E-Commerce Website SQL Injection

CVE-2024-51463 – IBM i SSRF

CVE-2024-51464 – IBM Navigator for i Access Bypass Vulnerability

CVE-2024-12883 – Code-projects Job Recruitment Cross Site Scripting

CVE-2024-12875 – Easy Digital Downloads WordPress Directory Traversal Vulnerability

CVE-2024-10453 – Elementor Website Builder Stored Cross-Site Scripting Vulnerability

CVE-2024-12721 – WooCommerce Custom Product Tabs PHP Object Injection Vulnerability

CVE-2024-12721 – WooCommerce Custom Product Tabs PHP Object Injection Vulnerability