CVE-2023-0232 Information

Description

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data which could lead to PHP Object Injection.

Reference

https://wpscan.com/vulnerability/1885a708-0e8a-4f4c-8e26-069bebe9a518 https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.php