Key information

Vulnerability overview
Vulnerability name: WordPress eCommerce Product Catalog Plugin <= 3.4.3 is vulnerable to PHP Object Injection
Priority: Medium priority
Affected versions: <= 3.4.3
Fixed version: 3.4.4

Risk
Description: This vulnerability is moderately dangerous and is expected to be exploited.
Specific risk: PHP Object Injection could allow a malicious actor to perform code injection, SQL injection, path traversal, denial of service, and more if a proper POP chain is present.

Solution
1. Automatic mitigation: Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until you have updated to a fixed version.
2. Update: Update to version 3.4.4 or later to remove the vulnerability.

Timeline
Reported: 23 May 2023
Early warning sent to Patchstack customers: 23 Jun 2023
Published: 28 Jun 2023

Details
Software: eCommerce Product Catalog
Type: Plugin
Vulnerable versions: <= 3.4.3
Patched version: 3.4.4