CVE-2026-1235 - CERT CVE

  1. CVE-2026-1235

ID CVE-2026-1235
Sažetak The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
Reference
CVSS
Base: 6.5
Impact: 3.7
Exploitability:2.2
Pristup
VektorSloženostAutentikacija
NETWORK HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW LOW
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Zadnje važnije ažuriranje 11-02-2026 - 16:16
Objavljeno 11-02-2026 - 06:15