Summaryinfo

A vulnerability classified as critical has been found in YITH WooCommerce Compare 2.0.9 on WordPress. Affected by this issue is some unknown functionality. Performing a manipulation results in code injection. No exploit is available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in YITH WooCommerce Compare 2.0.9 on WordPress (E-Commerce Management Software). It has been classified as critical. This affects some unknown processing. The manipulation with an unknown input leads to a code injection vulnerability. CWE is classifying the issue as CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was published 11/08/2016 by Yorick Koster as YITH WooCommerce Compare WordPress Plugin unauthenticated PHP Object injection vulnerability / OVE-20160803-0006 as confirmed mailinglist post (Full-Disclosure). It is possible to read the advisory at seclists.org. The public release has been coordinated with YITH. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1059 according to MITRE ATT&CK.

Upgrading to version 2.1.0 eliminates this vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• E-Commerce Management Software

Vendor

• YITH

Name

• WooCommerce Compare

Version

• 2.0.9

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion