Support » Plugin: Product Catalog » Vulnerability

  • Resolved Samuel Elh

    (@elhardoum)


    Just a heads-up, please see this [exploit-db (dot) com/exploits/43065/]

    There are many core WordPress objects that could be used to perform unwanted activities while unserializing user input, and oh, plugins..

    Try not to use unserialize when you are not sure how safe the arguments you’re passing are. Try to store the product IDs as CSV (comma-separated values) instead (in your JavaScript or wherever you’re storing that cookie), and then explode on the commas to produce an array and validate it, since the product IDs should consist of numbers.

    Anyways it’s just a suggestion, have fun making the world a better place 🙂
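The replacement Samuel describes, written out as an added example (this is not the Product Catalog plugin's code; the cookie name `product_ids`, the function names and the length cap are assumptions). The first function shows the pattern the report is about, the rest shows the CSV-of-integers alternative with validation on both the read and the write side:

```php
<?php
// Added example, not the plugin's own code. Cookie name and helpers are hypothetical.

// --- The risky pattern -----------------------------------------------------
// unserialize() on a cookie lets the client pick which classes get
// instantiated, so any class with __wakeup()/__destruct() side effects in
// core, a theme or another plugin becomes reachable from user input.
function get_product_ids_unsafe() {
    if ( empty( $_COOKIE['product_ids'] ) ) {
        return array();
    }
    return unserialize( $_COOKIE['product_ids'] );
}

// --- Hardened replacement: a plain CSV of positive integers ----------------
// Returns a de-duplicated list of ints. Anything that is not an unsigned
// decimal number is dropped rather than coerced, so "-1", "1e3", "1;x" and
// serialized blobs all fall away. $max_items bounds the work a single
// request can cause.
function parse_product_id_csv( $csv, $max_items = 100 ) {
    if ( ! is_string( $csv ) ) {
        return array();
    }
    $ids = array();
    foreach ( explode( ',', $csv ) as $piece ) {
        $piece = trim( $piece );
        // ctype_digit() only accepts [0-9]+; the length cap keeps the value
        // inside PHP_INT_MAX on 64-bit builds.
        if ( $piece === '' || ! ctype_digit( $piece ) || strlen( $piece ) > 18 ) {
            continue;
        }
        $id = (int) $piece;
        if ( $id > 0 ) {
            $ids[ $id ] = $id; // keyed by value so duplicates collapse
        }
        if ( count( $ids ) >= $max_items ) {
            break;
        }
    }
    return array_values( $ids );
}

function get_product_ids_safe() {
    if ( empty( $_COOKIE['product_ids'] ) ) {
        return array();
    }
    return parse_product_id_csv( $_COOKIE['product_ids'] );
}

// Write side: normalise through the same parser so only "1,2,3"-style
// strings ever reach the cookie. HttpOnly keeps page scripts from reading it;
// drop that flag if the JavaScript side needs to edit the list.
function set_product_ids_cookie( array $ids, $secure = true ) {
    $clean = parse_product_id_csv( implode( ',', $ids ) );
    setcookie( 'product_ids', implode( ',', $clean ), time() + 86400, '/', '', $secure, true );
}

// Constructed input for a stand-alone run (php this_file.php):
$sample = ' 12, 7,12,abc,-3,0,1e3,O:8:"stdClass":0:{},7,00042';
var_dump( parse_product_id_csv( $sample ) ); // int(12), int(7), int(42)
```

The same shape works for any list of numeric IDs a plugin keeps client-side; the point is that the cookie format can only ever yield integers, so there is nothing for `unserialize()` to instantiate.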

Viewing 1 replies (of 1 total)
  • Plugin Contributor EtoileWebDesign

    (@etoilewebdesign)

    Hi Samuel,

    Thanks for the feedback. We’ve just released an update that doesn’t use unserialize. In the future, could you please email us first about something like this, instead of posting it publicly, so we can have a look?

  • The topic ‘Vulnerability’ is closed to new replies.