What the vulnerability does
01Description
The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
Explanation of Vulnerability in Simple Terms
02Summary
WP eCommerce versions 3.15.1 and earlier contain an unspecified vulnerability. Insufficient metadata prevents detailed risk assessment. Site administrators should monitor for vendor security advisories and consider updating to a version newer than 3.15.1 when available.
What an attacker can do
03Attacker Capabilities
Unknown; insufficient vulnerability details provided.
Potential impact on your site
04Site Impact
Unknown impact; patch status and severity cannot be determined from available data.
Conditions required to exploit
05Prerequisites
Unknown; insufficient vulnerability details provided.
Key dates
06Disclosure timeline
February 11, 2026
CVE published
April 2, 2026
Record updated