CVE-2024-34751 – WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability

https://notcve.org/view.php?id=CVE-2024-34751

Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9. Vulnerabilidad de deserialización de datos no confiables en WebToffee Order Export &amp; Order Import para WooCommerce. Este problema afecta Order Export &amp; Order Import for WooCommerce: desde n/a hasta 2.4.9. The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.9 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/order-import-export-for-woocommerce/wordpress-order-export-order-import-for-woocommerce-plugin-2-4-9-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •