WooCommerce <= 3.4.5 – Authenticated Object Injection

October 22, 2018
woocommerce Theme Builder Layout
According to WooCommerce:

 "Versions 3.4.5 and earlier are affected by a handful of issues that allow Shop Managers to exceed their capabilities and perform malicious actions. These issues can be exploited by users with Shop Manager capabilities or greater, and we recommend all users running WooCommerce 3.x upgrade to 3.4.6 to mitigate them. Thanks to Simon Scannell, Karim, and Slavco for reporting the issues."

See references for PoC and further technical details.

Share this article:

eHost-square-ad Theme Builder Layout

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:


Related Posts

2019-fall-hackathon-propelling-wp-engine-forward-faster Theme Builder Layout

2019 Fall Hackathon: Propelling WP Engine Forward, Faster

WP Engine, like any engine, needs fuel to press ahead. Innovation is the spark that ignites and propels us forward faster, and to keep that ingenious spark lit, we actively foster a creative and collaborative environment at WP Engine where cutting-edge ideas can take...

Get ALL Your SEO, WordPress & Divi News

Join Our Daily Roundup

SEO News and More

SEO News and More

Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.