Vulnerabilities > CVE-2019-12241 - Deserialization of Untrusted Data vulnerability in Carts.Guru Carts Guru 1.4.5

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
carts-guru
CWE-502
NVD
Published: 2019-05-20
Updated: 2019-05-27

Summary

The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.

Vulnerable Configurations

Part Description Count
Application
Carts.Guru
1

Common Weakness Enumeration (CWE)

References