Login Sign Up

CVE-2023-0232

9.8 CRITICAL
Deserialization

📋 TL;DR

The ShopLentor (WooLentor) WordPress plugin before version 2.5.4 contains a PHP Object Injection vulnerability due to unsafe unserialization of user-controlled cookie data. This allows unauthenticated attackers to execute arbitrary code on affected WordPress sites. All WordPress installations using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • ShopLentor (WooLentor) WordPress Plugin
Versions: All versions before 2.5.4
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with the ShopLentor plugin installed and activated.

📦 What is this software?

Shoplentor by Hasthemes

View all CVEs affecting Shoplentor →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete site compromise, data theft, malware installation, or site defacement.

🟠

Likely Case

Remote code execution allowing attackers to gain administrative access, install backdoors, or pivot to other systems.

🟢

If Mitigated

Attack blocked at WAF level or plugin disabled, preventing exploitation.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing and the exploit requires no authentication.
🏢 Internal Only: LOW - This primarily affects public-facing WordPress installations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward as it involves sending specially crafted cookies to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.4

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.php

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'ShopLentor' or 'WooLentor'. 4. Click 'Update Now' if available. 5. Alternatively, download version 2.5.4+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable ShopLentor Plugin

linux

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate woolentor-addons

WAF Rule to Block Exploitation

all

Implement WAF rules to block requests containing serialized PHP objects in cookies.

🧯 If You Can't Patch

  • Remove or disable the ShopLentor plugin entirely
  • Implement strict WAF rules to block cookie-based PHP object injection attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for ShopLentor/WooLentor version. If version is below 2.5.4, the site is vulnerable.

Check Version:

wp plugin get woolentor-addons --field=version

Verify Fix Applied:

Verify plugin version is 2.5.4 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to WordPress endpoints with serialized data in cookies
  • PHP errors related to unserialize() in web server logs

Network Indicators:

  • HTTP requests with base64-encoded or serialized PHP objects in cookie headers

SIEM Query:

web_access_logs WHERE uri CONTAINS 'wp-content/plugins/woolentor-addons' AND cookie CONTAINS 'O:'

📊 Metadata

CVE ID: CVE-2023-0232
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: February 21, 2023
Last Updated: March 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON