CVE-2023-0232

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.php	Patch
https://wpscan.com/vulnerability/1885a708-0e8a-4f4c-8e26-069bebe9a518	Exploit Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.php	Patch
https://wpscan.com/vulnerability/1885a708-0e8a-4f4c-8e26-069bebe9a518	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hasthemes:shoplentor:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2023-02-21 09:15

Updated : 2025-03-12 21:15

NVD link : CVE-2023-0232

Mitre link : CVE-2023-0232

CVE.ORG link : CVE-2023-0232

JSON object : View

Products Affected

hasthemes

shoplentor

CWE

No CWE.

{"id": "CVE-2023-0232", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-02-21T09:15:12.107", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.php", "tags": ["Patch"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/1885a708-0e8a-4f4c-8e26-069bebe9a518", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.php", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wpscan.com/vulnerability/1885a708-0e8a-4f4c-8e26-069bebe9a518", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection."}], "lastModified": "2025-03-12T21:15:40.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hasthemes:shoplentor:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4B26359F-D99E-47FB-8B08-38582D9AB8C4", "versionEndExcluding": "2.5.4"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}