What the vulnerability does
01Description
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.
Explanation of Vulnerability in Simple Terms
WooCommerce PDF Invoices & Packing Slips before version 5.9.0 deserializes untrusted data without proper validation. An authenticated admin can craft malicious serialized objects to execute arbitrary PHP code on the site. This requires admin-level access but can lead to complete site compromise.
What an attacker can do
Run arbitrary PHP code on the site with full admin privileges.
Potential impact on your site
A compromised admin account can execute code, modify data, and take full control of your site.
Conditions required to exploit
Attacker must have admin-level access to the WordPress site.
Key dates
External resources
Related vulnerabilities