CVE-2023-0232

Published: Feb 21, 2023Modified: Mar 12, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.

Affected (1)

Products: Hasthemes: Shoplentor

Hasthemes

1 product

Shoplentor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hasthemes Shoplentor	Before 2.5.4

References (4)

https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.php

Source: contact@wpscan.com

Patch

https://wpscan.com/vulnerability/1885a708-0e8a-4f4c-8e26-069bebe9a518

Source: contact@wpscan.com

ExploitThird Party Advisory

https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.php

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://wpscan.com/vulnerability/1885a708-0e8a-4f4c-8e26-069bebe9a518

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.