Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider 2.0.3

  • Severity: critical
  • Status: Fixed
  • Publication: August 27, 2024

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, and Woocommerce Slider plugin has a vulnerability that allows an attacker to inject a PHP Object. This can happen when untrusted information is used in the _ultimate_store_kit_wishlist cookie. The vulnerability exists in versions up to and including 2.0.3. If there is a POP chain (a chain of plugins or themes) installed on the target system, the attacker may be able to delete files, access private information, or run code.

Detected in:

Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor fixed vulnerable versions:
Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder fixed vulnerable versions: >= * <= 2.0.3

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.