Compare Products for WooCommerce PHP Object Injection Vulnerability

Vulnerability

A PHP Object Injection vulnerability has been identified in the Compare Products for WooCommerce plugin for WordPress, affecting all versions through 3.2.1. The vulnerability arises from the deserialization of untrusted data in the 'woo_compare_list' cookie, allowing unauthenticated attackers to inject PHP objects. While no known payload execution chain is present in the vulnerable plugin itself, such a chain could be exploited if an additional plugin or theme on the target site provides one, possibly leading to arbitrary file deletion, sensitive data exposure, or code execution.

Impact

Exploitation of this vulnerability could result in PHP Object Injection, with the potential for arbitrary file deletion, sensitive data retrieval, or code execution, depending on the presence of a suitable payload execution chain through another plugin or theme.

Reproduction

The vulnerability can be reproduced by sending a crafted 'woo_compare_list' cookie that includes serialized PHP objects. This can be done using browser developer tools or through a script that modifies cookie values. Once the cookie is set, the Compare Products for WooCommerce plugin will unserialize the data, leading to object injection.

Remediation

Users are advised to update the Compare Products for WooCommerce plugin to version 3.2.2, which includes a security patch for this vulnerability.
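The unsafe deserialization pattern the advisory describes, shown next to a hardened replacement, as an added illustrative example; this is not the plugin's own code, and the function names and the assumption that the cookie holds an array of product IDs are mine.

```php
<?php
// Added example, not the plugin's own code; function names and cookie contents (an array of product IDs) are assumptions.
// VULNERABLE PATTERN: unserialize() on an attacker-controlled cookie lets the
// client name any loaded class; a class with a __wakeup()/__destruct() side
// effect in another plugin or theme is what turns this into a gadget chain.
function get_compare_list_vulnerable(): array {
    if (!isset($_COOKIE['woo_compare_list'])) {
        return [];
    }
    // WordPress slashes $_COOKIE in wp_magic_quotes(), hence stripslashes().
    $list = unserialize(stripslashes($_COOKIE['woo_compare_list']));
    return is_array($list) ? $list : [];
}

// HARDENED: keep the cookie as JSON so no object can be instantiated, then
// validate shape and element type instead of trusting the decoded value.
function get_compare_list_safe(): array {
    if (!isset($_COOKIE['woo_compare_list'])) {
        return [];
    }
    $decoded = json_decode(stripslashes($_COOKIE['woo_compare_list']), true);
    if (!is_array($decoded)) {
        return [];
    }
    // Only positive integer product IDs survive; anything else is dropped.
    $ids = array_filter(array_map('intval', $decoded), fn ($id) => $id > 0);
    return array_slice(array_values(array_unique($ids)), 0, 50);
}

function set_compare_list_safe(array $ids): void {
    $ids = array_values(array_unique(array_filter(array_map('intval', $ids), fn ($id) => $id > 0)));
    setcookie('woo_compare_list', json_encode($ids), [
        'expires'  => time() + 30 * 86400,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// If cookies written by an older version must still be read during rollout,
// refuse every class: objects become __PHP_Incomplete_Class and run no code.
function get_compare_list_legacy(): array {
    if (!isset($_COOKIE['woo_compare_list'])) {
        return [];
    }
    $list = @unserialize(stripslashes($_COOKIE['woo_compare_list']), ['allowed_classes' => false]);
    return is_array($list) ? $list : [];
}
```

The legacy reader is an interim measure only; the durable fix is to stop storing serialized PHP in client-controlled data altogether, as the JSON variant does.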

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.4
remediation: 7.7
relevance: 0.0
threat: 4.9
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.