CVE-2023-0232

Summary

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.

Affected Software

VendorProductVersion RangeStatus
UnknownShopLentor0 < 2.5.4affected

Weaknesses

  • CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References