Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPres Automattic WooCommerce插件安全漏洞
Vulnerability Description
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台,该平台支持在PHP和MySQL的服务器上架设个人博客网站。Automattic WooCommerce plugin是使用在其中的一个电子商务功能插件。 WordPres Automattic WooCommerce插件3.2.4之前版本中存在安全漏洞。攻击者可借助特制的字符串利用该漏洞注入任意的PHP对象,执行恶意的操作(例如:执行任意代码并完全控制商店)。
CVSS Information
N/A
Vulnerability Type
N/A