Output validation vulnerability in YITH WooCommerce Compare 2.0.9

The YITH WooCommerce Compare plugin for WordPress has a flaw that could allow unauthenticated attackers to inject malicious code into the plugin. In versions up to and including 2.0.9, attackers can inject a so-called “PHP Object” into the plugin through the ‘yith_woocompare_list’ cookie. The injected object can allow the attacker to do anything from seeing private information to changing how the plugin functions. It has been confirmed that this vulnerability allows attackers to execute any code they want.

Detected in:

YITH WooCommerce Compare fixed vulnerable versions: >= * <= 2.0.9

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community.

The version comparison shows which versions are vulnerable. For example, ">= 2.2.8 <= 2.2.21" means:

">" from 2.2.8
"=" including 2.2.8 and 2.2.21
"<" to 2.2.21
