Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi

链接： https://github.com/advisories/GHSA-fq9w-fp93-3f95

CVSS 评分： 9.8

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-49417
https://patchstack.com/database/wordpress/plugin/woo-product-multiaction/vulnerability/wordpress-woocommerce-product-multi-action-1-3-deserialization-of-untrusted-data-vulnerability?_s_id=cve
https://github.com/advisories/GHSA-fq9w-fp93-3f95

描述：

Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action allows Object Injection. This issue affects WooCommerce Product Multi-Action: from n/a through 1.3.

安全公告

#Github Advisory

Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi

http://example.com/2025/07/04/github_2365357107/

作者

lianccc

发布于

2025年7月4日

许可协议

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 上一篇

Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy 下一篇