CVE-2024-12313

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jan 7, 2025
CWE ID 502

Summary

CVE-2024-12313 is a vulnerability affecting the Compare Products for WooCommerce plugin for WordPress. In all versions up to 3.2.1, this plugin is susceptible to PHP Object Injection due to deserialization of untrusted input from the 'woo_compare_list' cookie. This weakness enables unauthenticated attackers to inject a PHP Object. The presence of a potential POP chain, which could be introduced by additional plugins or themes, might allow the adversary to execute arbitrary code, delete files, or obtain sensitive data.
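The mitigation pattern for this class of flaw (CWE-502), shown as an added example that is not the plugin's code or its actual patch: a cookie holding a list of product IDs is decoded without instantiating any class, then reduced to plain integers. The function name `decode_compare_list`, the JSON format, the size limits and the sample inputs are assumptions made for illustration; only the cookie name comes from the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the plugin's code): decode a product-ID list
// cookie without ever instantiating a class named by the client.
function decode_compare_list(?string $raw, int $maxItems = 50): array
{
    if ($raw === null || $raw === '' || strlen($raw) > 4096) {
        return [];
    }
    // Preferred format: JSON, which cannot carry PHP objects.
    $data = json_decode($raw, true);
    if (!is_array($data)) {
        // Legacy format: a serialized array. With allowed_classes => false
        // every object in the payload becomes __PHP_Incomplete_Class, so no
        // __wakeup()/__destruct() from other plugins or themes is invoked.
        $data = @unserialize($raw, ['allowed_classes' => false]);
    }
    if (!is_array($data)) {
        return [];
    }
    $ids = [];
    foreach ($data as $value) {
        // Keep positive integer IDs only; nested arrays and objects are dropped.
        if (is_int($value) || (is_string($value) && ctype_digit($value))) {
            $id = (int) $value;
            if ($id > 0) {
                $ids[$id] = true; // array key de-duplicates
            }
        }
        if (count($ids) >= $maxItems) {
            break;
        }
    }
    return array_keys($ids);
}

// Constructed sample cookie values, for illustration only.
$samples = [
    'json list'         => '[12,"34",12]',
    'legacy serialized' => 'a:2:{i:0;i:12;i:1;s:2:"34";}',
    'embedded object'   => 'a:2:{i:0;i:12;i:1;O:8:"stdClass":0:{}}',
    'not a list'        => 'O:8:"stdClass":0:{}',
];
foreach ($samples as $label => $cookie) {
    // In a plugin the input would be $_COOKIE['woo_compare_list'] ?? null.
    printf("%-18s => %s\n", $label, json_encode(decode_compare_list($cookie)));
}
```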
