Novalnet Payment Gateway For Woocommerce
Monthly
Unauthenticated PHP Object Injection in the Novalnet Payment Gateway for WooCommerce WordPress plugin (versions 12.10.3 and earlier) lets remote attackers submit crafted serialized objects that the plugin deserializes, per CVSS enabling full compromise of confidentiality, integrity, and availability. The flaw is network-reachable without authentication or user interaction and carries a critical 9.8 CVSS score. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Unauthenticated PHP Object Injection in the Novalnet Payment Gateway for WooCommerce WordPress plugin (versions 12.10.3 and earlier) lets remote attackers submit crafted serialized objects that the plugin deserializes, per CVSS enabling full compromise of confidentiality, integrity, and availability. The flaw is network-reachable without authentication or user interaction and carries a critical 9.8 CVSS score. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.