CVE-2023-5952

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/12/2023
Last modified:
20/02/2025

Description

The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:welcart:welcart_e-commerce:*:*:*:*:*:wordpress:*:* 2.9.5 (excluding)