๐Ÿ” CVE Alert

CVE-2023-32795

HIGH 8.2

WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection

CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th

Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3.

CWE CWE-502
Vendor woocommerce
Product product add-ons
Published Dec 28, 2023
Last Updated Apr 28, 2026
Stay Ahead of the Next One

Get instant alerts for woocommerce product add-ons

Be the first to know when new high vulnerabilities affecting woocommerce product add-ons are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
High
Availability
Low

Affected Versions

WooCommerce / Product Add-Ons
n/a โ‰ค 6.1.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
patchstack.com: https://patchstack.com/database/vulnerability/woocommerce-product-addons/wordpress-woocommerce-product-add-ons-plugin-6-1-3-authenticated-php-object-injection-vulnerability?_s_id=cve

Credits

Rafie Muhammad (Patchstack)