CVE-2023-32242

9.8 CRITICAL

📋 TL;DR

CVE-2023-32242 is a PHP object injection vulnerability in the WoodMart WordPress theme that allows attackers to execute arbitrary code through deserialization of untrusted data. This affects all WordPress sites using WoodMart theme versions up to 1.0.36. Attackers can potentially take full control of affected websites.

💻 Affected Systems

Products:
  • WoodMart - Multipurpose WooCommerce Theme
Versions: All versions up to and including 1.0.36
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations with WoodMart theme active. No special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the WordPress site leading to data theft, defacement, malware distribution, or use as part of a botnet.

🟠 Likely Case

Remote code execution allowing attackers to install backdoors, create admin users, or steal sensitive data.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are implemented, though the core vulnerability remains.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing and the vulnerability requires no authentication.
🏢 Internal Only: LOW - This is primarily a web application vulnerability affecting internet-facing WordPress installations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available. Attack requires no authentication and is relatively simple to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.37 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-php-object-injection

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check for WoodMart theme updates.
4. Update to version 1.0.37 or later.
5. Clear any caching plugins.

🔧 Temporary Workarounds

Disable vulnerable theme (scope: all)

Temporarily switch to a different WordPress theme until the patch can be applied.

Web Application Firewall rule (scope: all)

Block requests containing serialized PHP objects in WoodMart-related endpoints.

🧯 If You Can't Patch

  • Implement strict input validation on all user-supplied data
  • Deploy a web application firewall with rules to detect and block PHP object injection attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes > WoodMart theme version. If version is 1.0.36 or lower, you are vulnerable.

Check Version:

wp theme list --fields=name,version --format=csv | grep -i woodmart

Verify Fix Applied:

Verify WoodMart theme version is 1.0.37 or higher in WordPress admin panel.
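The version check above, carried out as an added script that is not part of this advisory: it queries WP-CLI for WoodMart entries and compares each reported version against the affected range stated on this page (1.0.36 and lower vulnerable, 1.0.37 and later patched). Because the page text names the WoodMart theme while the vendor advisory URL names the woodmart-core plugin, both the theme list and the plugin list are queried. The script assumes WP-CLI is installed and that the WordPress root is passed as the first argument; the version comparison itself needs only POSIX sh and awk.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an installed WoodMart version
# against the affected range "<= 1.0.36" given on this page.

FIXED_VERSION="1.0.37"   # first patched release per the advisory

# version_le A B -> exit 0 if A <= B, comparing dot-separated numeric fields.
# Missing fields count as 0, so "1.1" > "1.0.36" and "1.0.36.1" > "1.0.36".
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i in A) ? A[i] + 0 : 0
            y = (i in B) ? B[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 0
    }'
}

# woodmart_status VERSION -> prints "vulnerable" or "patched"
woodmart_status() {
    if version_le "$1" "1.0.36"; then
        echo vulnerable
    else
        echo patched
    fi
}

# installed_woodmart_versions WP_PATH -> CSV lines "name,version" for every
# theme or plugin whose name contains "woodmart". Requires wp-cli in PATH.
installed_woodmart_versions() {
    wp_path="${1:-.}"
    { wp --path="$wp_path" theme list --fields=name,version --format=csv
      wp --path="$wp_path" plugin list --fields=name,version --format=csv; } 2>/dev/null |
        grep -i woodmart || true
}

main() {
    found=0
    installed_woodmart_versions "$1" | while IFS=, read -r name version; do
        printf '%s %s: %s (fixed in %s)\n' "$name" "$version" \
            "$(woodmart_status "$version")" "$FIXED_VERSION"
    done
}

# Run the live check only when a WordPress root is given on the command line,
# e.g.: sh woodmart_check.sh /var/www/html
if [ -n "${1:-}" ]; then
    main "$1"
fi
```

Run it from a host with WP-CLI access to the site; an empty result means no theme or plugin with "woodmart" in its name is installed. The numeric field comparison is used instead of `sort -V` so the script behaves the same on BusyBox and macOS shells.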

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to WoodMart theme endpoints
  • PHP errors related to unserialize() function
  • Unexpected file uploads or modifications

Network Indicators:

  • HTTP requests containing serialized PHP objects to WoodMart-specific URLs
  • Unusual outbound connections from WordPress server

SIEM Query:

source="wordpress.log" AND ("woodmart" OR "unserialize") AND status=200
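The log indicators and the WAF workaround above both come down to one question: does a request aimed at a WoodMart-related path carry a serialized PHP object? The script below is an added example, not part of this advisory, that answers it over web-server access logs. It matches the serialized-object header (a class marker followed by a length and a quoted class name) in raw and percent-encoded form, and reports separately on all requests and on those touching WoodMart paths. The four log lines are constructed for offline use; the admin-ajax action name in them is a placeholder, not a real WoodMart endpoint.

```shell
#!/bin/sh
# Added example (not from the advisory): flag access-log lines whose request
# carries a serialized PHP object, optionally restricted to WoodMart paths.

# Serialized PHP object header "O:<len>:"" with colons and the opening quote
# either raw or percent-encoded (%3A / %22), so mixed encodings still match.
SERIALIZED_OBJ='O(:|%3[Aa])[0-9]+(:|%3[Aa])("|%22)'

# flag_any_object LOGFILE -> prints every line containing a serialized object
flag_any_object() {
    grep -E "$SERIALIZED_OBJ" "$1" || true
}

# flag_woodmart_object LOGFILE -> same, limited to requests mentioning woodmart
flag_woodmart_object() {
    grep -Ei 'woodmart' "$1" | grep -E "$SERIALIZED_OBJ" || true
}

count_any()      { flag_any_object "$1"      | wc -l | tr -d ' '; }
count_woodmart() { flag_woodmart_object "$1" | wc -l | tr -d ' '; }

# Constructed sample log in combined format (IPs from the documentation range).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.5 - - [10/May/2023:12:00:01 +0000] "GET /wp-content/themes/woodmart/style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2023:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=woodmart_placeholder&data=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 44 "-" "curl/8.0"
203.0.113.9 - - [10/May/2023:12:00:03 +0000] "GET /?s=O:1:%22a%22 HTTP/1.1" 200 100 "-" "Mozilla/5.0"
203.0.113.9 - - [10/May/2023:12:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF

# Report on the given log, or on the constructed sample when none is given.
LOG="${1:-$SAMPLE_LOG}"
printf 'serialized objects in any request:      %s\n' "$(count_any "$LOG")"
printf 'serialized objects in woodmart requests: %s\n' "$(count_woodmart "$LOG")"
flag_woodmart_object "$LOG"
```

Point it at a real log with `sh woodmart_log_scan.sh /var/log/nginx/access.log`. The first counter is the broader hunt (object injection is not specific to one theme); the second is the one that lines up with the SIEM query above and with the WAF rule in the workarounds section. Only request lines are visible in access logs, so a serialized object sent in a POST body rather than the query string will not appear here; that case needs WAF or application-level logging.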
