PT-2026-20296 · WordPress+1 · Cart All In One For Woocommerce+1

Phap Nguyen Anh

Publicado

2026-02-18

Atualizado

2026-02-23

CVE-2026-2019

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cart All In One For WooCommerce versions prior to 1.1.22

Description The Cart All In One For WooCommerce plugin for WordPress is susceptible to code execution. This occurs because of inadequate input validation on the 'Assign page' field, which is directly passed to the eval() function. This allows authenticated attackers with Administrator-level access or higher to execute arbitrary PHP code on the server.

Recommendations Update Cart All In One For WooCommerce to version 1.1.22 or later.

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

CVE-2026-2019

Produtos afetados

Cart All In One For Woocommerce

Woocommerce

PT-2026-20296 · WordPress+1 · Cart All In One For Woocommerce+1

CVE-2026-2019

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10