CVE-2020-28339

Опубликовано: 07 нояб. 2020

Источник: nvd

CVSS3: 7.5

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.

Ссылки

https://wordpress.org/plugins/usc-e-shop/#developers
Product
Third Party Advisory
https://www.wordfence.com/blog/2020/11/object-injection-vulnerability-in-welcart-e-commerce-plugin/
Exploit
Third Party Advisory
https://wordpress.org/plugins/usc-e-shop/#developers
Product
Third Party Advisory
https://www.wordfence.com/blog/2020/11/object-injection-vulnerability-in-welcart-e-commerce-plugin/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:welcart:welcart_e-commerce:*:*:*:*:*:wordpress:*:*

Версия до 1.9.36 (исключая)

EPSS

Процентиль: 74%

0.00848

Низкий

7.5 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-vh49-3q2g-93gh

CVSS3: 8.8

github

больше 3 лет назад

The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.

EPSS

Процентиль: 74%

0.00848

Низкий

7.5 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502