Skip to main content

Novalnet Payment Gateway For Woocommerce

1 CVEs product

Monthly

CVE-2026-57677 CRITICAL Act Now

Unauthenticated PHP Object Injection in the Novalnet Payment Gateway for WooCommerce WordPress plugin (versions 12.10.3 and earlier) lets remote attackers submit crafted serialized objects that the plugin deserializes, per CVSS enabling full compromise of confidentiality, integrity, and availability. The flaw is network-reachable without authentication or user interaction and carries a critical 9.8 CVSS score. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

WordPress Deserialization PHP Novalnet Payment Gateway For Woocommerce
NVD
CVSS 3.1
9.8
EPSS
0.3%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP Object Injection in the Novalnet Payment Gateway for WooCommerce WordPress plugin (versions 12.10.3 and earlier) lets remote attackers submit crafted serialized objects that the plugin deserializes, per CVSS enabling full compromise of confidentiality, integrity, and availability. The flaw is network-reachable without authentication or user interaction and carries a critical 9.8 CVSS score. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

WordPress Deserialization PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy