CVE-2024-12313
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Jan 7, 2025
CWE ID 502
Summary
CVE-2024-12313 is a vulnerability affecting the Compare Products for WooCommerce plugin for WordPress. In all versions up to 3.2.1, this plugin is susceptible to PHP Object Injection due to deserialization of untrusted input from the 'woo_compare_list' cookie. This weakness enables unauthenticated attackers to inject a PHP Object. The presence of a potential POP chain, which could be introduced by additional plugins or themes, might allow the adversary to execute arbitrary code, delete files, or obtain sensitive data.
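A defender-side check for the condition described in the summary, added here as an example (it is not code from the plugin or from this advisory): it walks a 'woo_compare_list' cookie value as PHP serialize() data and reports any object token, without deserializing anything. It assumes the cookie carries URL-encoded serialize() output whose legitimate content is a list of integer product IDs; the function names, sample values and the class name `ExampleClass` are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote_to_bytes
_LEN = re.compile(rb"(\d+):")

def _need(buf, pos, lit):     # require literal bytes at pos, return offset after
    if pos < 0 or buf[pos:pos + len(lit)] != lit:
        raise ValueError(f"malformed serialized data near offset {pos}")
    return pos + len(lit)

def _num(buf, pos):           # parse "<digits>:" and return (value, next offset)
    m = _LEN.match(buf, pos)
    if not m:
        raise ValueError(f"malformed length near offset {pos}")
    return int(m.group(1)), m.end()

def _walk(buf, pos, classes, depth=0):
    """Consume one serialized value; record the class name of every O: token."""
    tag, pos = buf[pos:pos + 2], pos + 2
    if tag == b"N;":
        return pos
    if tag in (b"b:", b"i:", b"d:", b"r:", b"R:"):
        return _need(buf, buf.find(b";", pos), b";")
    if tag not in (b"s:", b"a:", b"O:") or depth > 32:
        raise ValueError(f"unexpected token near offset {pos}")
    n, pos = _num(buf, pos)
    if tag != b"a:":                      # s: and O: carry a length-prefixed string
        pos = _need(buf, _need(buf, pos, b'"') + n, b'"')
        if tag == b"s:":                  # plain string: its bytes are inert
            return _need(buf, pos, b";")
        classes.append(buf[pos - n - 1:pos - 1].decode("latin-1"))
        n, pos = _num(buf, _need(buf, pos, b":"))
    pos = _need(buf, pos, b"{")
    for _ in range(2 * n):                # n key/value pairs
        pos = _walk(buf, pos, classes, depth + 1)
    return _need(buf, pos, b"}")

def classify(raw_cookie_value):
    """Return (verdict, class_names); verdict is clean, malformed or object."""
    buf, classes = unquote_to_bytes(raw_cookie_value), []
    try:
        ok = _walk(buf, 0, classes) == len(buf)
    except ValueError:
        ok = False
    return ("object" if classes else "clean" if ok else "malformed"), classes

# Constructed samples (not captured traffic); the class name is a placeholder.
SAMPLES = {k: quote(v, safe="") for k, v in {
    "ids": 'a:2:{i:0;i:101;i:1;i:202;}', "lookalike": 'a:1:{i:0;s:9:"O:3:"Foo"";}',
    "object": 'a:1:{i:0;O:12:"ExampleClass":0:{}}'}.items()}
```

Because the walker honours string lengths, the "lookalike" sample (object-like text inside a plain string) is reported clean where a bare regex would flag it. Other token types, such as `C:` and `E:`, are reported as malformed, so any verdict other than clean on this cookie is worth reviewing.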