Best WooCommerce Builder for Elementor: Customize Checkout, Shop, Product & More With CoDesigner, CVE-2024-4371
- CVE, Research URL
- Home page URL
- Application
-
Best WooCommerce Builder for Elementor: Customize Checkout, Shop, Product & More With CoDesigner
- Published on
- Jun 13, 2024
- Research Description
- The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
- Affected versions
-
max 4.5.
- Status
-
vulnerable