PT-2024-38758 · Unknown · Edd Builder+6

Francesco Carlucci · Published 2024-08-27 · Updated 2026-04-08 · CVE-2024-8030

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin versions up to, and including, 2.0.3
Description: The issue is PHP Object Injection through deserialization of untrusted input taken from the ultimate store kit wishlist cookie. This allows an unauthenticated attacker to inject a PHP object. If a POP chain is present via an additional plugin or theme installed on the target system, the attacker could delete arbitrary files, retrieve sensitive data, or execute code.
Recommendations: For versions up to, and including, 2.0.3, upgrade to a newer version to patch the vulnerability. As a temporary workaround, consider restricting access to the ultimate store kit wishlist cookie to minimize the risk of exploitation. Additionally, ensure that no POP chain is present in any installed plugins or themes to prevent further exploitation.
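
The weakness class described above next to two safer ways of reading the same cookie, as an added example (this is not the plugin's code; the cookie name `example_wishlist`, the function names and the sample values are assumptions made for illustration):

```php
<?php
// Added illustration. Cookie name, function names and sample values are
// hypothetical placeholders, not taken from the plugin.
const WISHLIST_COOKIE = 'example_wishlist';

// Vulnerable pattern: unserialize() on a cookie lets the client choose which
// loaded classes get instantiated, so their magic methods (__wakeup,
// __destruct) run with client-chosen properties.
function wishlist_read_unsafe(array $cookies)
{
    return unserialize($cookies[WISHLIST_COOKIE] ?? '');
}

// Stopgap when the serialized format must stay: refuse to build objects.
// Anything object-shaped becomes an inert __PHP_Incomplete_Class.
function wishlist_read_no_objects(array $cookies)
{
    return unserialize($cookies[WISHLIST_COOKIE] ?? '', ['allowed_classes' => false]);
}

// Hardened pattern: JSON carries data only; then enforce the expected shape
// (a bounded, flat list of positive integer product IDs).
function wishlist_read_safe(array $cookies, int $maxItems = 100): array
{
    $raw = $cookies[WISHLIST_COOKIE] ?? '';
    if (!is_string($raw) || $raw === '' || strlen($raw) > 4096) {
        return [];
    }
    $data = json_decode($raw, true, 2);
    if (!is_array($data) || count($data) > $maxItems) {
        return [];
    }
    $ids = [];
    foreach ($data as $item) {
        if (!is_int($item) || $item <= 0) {
            return []; // reject the whole cookie on any unexpected element
        }
        $ids[$item] = true; // de-duplicate while keeping order
    }
    return array_keys($ids);
}

// Constructed inputs: a well-formed list, and serialized data holding a harmless object.
$good = [WISHLIST_COOKIE => '[12,34,34]'];
$odd  = [WISHLIST_COOKIE => 'a:1:{i:0;O:8:"stdClass":0:{}}'];
var_dump(wishlist_read_safe($good));
var_dump(wishlist_read_safe($odd));
var_dump(wishlist_read_no_objects($odd)[0] instanceof stdClass);
```

The `allowed_classes` option requires PHP 7.0 or later; moving the cookie to JSON removes object construction from the parsing path entirely, which is why it is the preferred form here.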

Fix

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2024-8030

Affected Products

Edd Builder
Elementor Store Builder
Product Grid
Product Table
Bdthemes Ultimate Store Kit Elementor Addons
Woocommerce Builder
Woocommerce Slider Plugin