CVE-2024-13824 – CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection

https://notcve.org/view.php?id=CVE-2024-13824

13 Mar 2025 — The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the s... • https://themeforest.net/item/ciyashop-responsive-multipurpose-woocommerce-wordpress-theme/22055376#item-description__changelog • CWE-502: Deserialization of Untrusted Data •