Unrated severity · OSV Advisory · Published Jan 15, 2019 · Updated Aug 5, 2024
CVE-2017-18356
Description
In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes.
Affected products (2)
- Range: 1.0, 1.0.1, 1.0.2, …
References (2)
- blog.ripstech.com/2018/woocommerce-php-object-injection/ (mitre, x_refsource_MISC)
- woocommerce.wordpress.com/2017/11/16/woocommerce-3-2-4-security-fix-release-notes/ (mitre, x_refsource_MISC)