CVE-2024-11465
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2024-11465 is a vulnerability affecting the Custom Product Tabs plugin for WooCommerce on WordPress. The issue, present in all versions up to 1.8.5, allows authenticated attackers with Shop Manager-level access or higher to inject PHP objects through deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter. This vulnerability could potentially be exploited to delete files, retrieve sensitive data, or execute code. No known POP chain is present in the vulnerable software, but if one exists via an additional plugin or theme, the attacker could further escalate privileges.
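As an added example (not code from the plugin or from this advisory), the following check walks a PHP-serialized value, such as one stored under the 'yikes_woo_products_tabs' meta key, and reports any embedded object class names. It follows the length prefixes instead of pattern-matching, so object-like text inside a string is not flagged. The array layout of the samples and the class name `ExampleGadget` are constructed assumptions.

```python
def find_objects(data: bytes) -> list[str]:
    """Return class names of objects embedded in a PHP serialize() payload."""
    found, pos = [], 0
    def expect(tok: bytes) -> None:
        nonlocal pos
        if data[pos:pos + len(tok)] != tok:
            raise ValueError(f"malformed payload at byte {pos}")
        pos += len(tok)
    def number() -> int:
        nonlocal pos
        stop = data.index(b":", pos)  # ValueError if the terminator is missing
        tok, pos = data[pos:stop], stop + 1
        if not tok.isdigit():
            raise ValueError(f"bad length or count {tok!r}")
        return int(tok)
    def quoted(n: int) -> bytes:
        nonlocal pos
        expect(b'"')
        text, pos = data[pos:pos + n], pos + n  # length-prefixed: skip, never scan
        expect(b'"')
        return text
    def value() -> None:
        nonlocal pos
        tag, pos = data[pos:pos + 2], pos + 2
        if tag in (b"b:", b"i:", b"d:", b"r:", b"R:"):
            pos = data.index(b";", pos) + 1
        elif tag == b"s:":
            quoted(number())
            expect(b";")
        elif tag in (b"a:", b"O:", b"C:"):
            if tag != b"a:":  # O: and C: carry a class name first
                found.append(quoted(number()).decode("utf-8", "replace"))
                expect(b":")
            n = number()
            expect(b"{")
            if tag == b"C:":
                pos += n  # custom-serialized body: n opaque bytes
            else:
                for _ in range(2 * n):  # n key/value pairs
                    value()
            expect(b"}")
        elif tag != b"N;":
            raise ValueError(f"unknown type tag {tag!r}")
    value()
    return found

# Constructed samples; the tab array layout is an assumption, not taken from the plugin.
CLEAN = b'a:1:{i:0;a:2:{s:5:"title";s:4:"Size";s:7:"content";s:12:"O:1:"x":0:{}";}}'
TAMPERED = b'a:1:{i:0;a:2:{s:5:"title";s:4:"Size";s:7:"content";O:13:"ExampleGadget":1:{s:1:"p";i:1;}}}'
```

A value that raises `ValueError` or returns a non-empty list is worth reviewing before the data is passed to `unserialize()`.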