woocommerce WooCommerce <= 3.4.5 – Authenticated Object Injection
Description
According to WooCommerce:

 "Versions 3.4.5 and earlier are affected by a handful of issues that allow Shop Managers to exceed their capabilities and perform malicious actions. These issues can be exploited by users with Shop Manager capabilities or greater, and we recommend all users running WooCommerce 3.x upgrade to 3.4.6 to mitigate them. Thanks to Simon Scannell, Karim, and Slavco for reporting the issues."

See references for PoC and further technical details.

SEO News and More

SEO News and More

Share This