CVE-2023-0232

Name of the Vulnerable Software and Affected Versions ShopLentor WordPress plugin versions prior to 2.5.4

Description The issue arises from the plugin unserializing user input from cookies to track viewed products and user data, potentially leading to PHP Object Injection. This could allow an attacker to inject malicious PHP objects, compromising the security of the system.

Recommendations For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue. As a temporary workaround, consider disabling the tracking of viewed products and user data via cookies until the update is applied. Restrict access to sensitive data and functions that may be exploited through PHP Object Injection to minimize the risk of exploitation.