What the vulnerability does
01Description
Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.19 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.19 versions.
Explanation of Vulnerability in Simple Terms
The Advanced Product Fields plugin for WooCommerce versions up to 1.6.19 contain a deserialization vulnerability in how they process untrusted data. An authenticated attacker with high privileges can exploit this to read sensitive site data, modify content, or disrupt site availability. Site owners should update immediately to a patched version.
What an attacker can do
Read sensitive data, modify site content, or cause the site to become unavailable.
Potential impact on your site
Your site's data confidentiality, integrity, and availability are at risk if a privileged user account is compromised.
Conditions required to exploit
Attacker must have high-level admin or equivalent privileges on the WordPress site.
Key dates
External resources
Related vulnerabilities