{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/woocommerce-infinite-scroll-and-ajax-pagination--1.8/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2025-11993"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["WooCommerce Infinite Scroll and Ajax Pagination \u003c= 1.8"],"_cs_severities":["high"],"_cs_tags":["php-object-injection","wordpress","woocommerce","cve-2025-11993"],"_cs_type":"advisory","_cs_vendors":["WooCommerce"],"content_html":"\u003cp\u003eThe WooCommerce Infinite Scroll and Ajax Pagination plugin, versions 1.8 and earlier, contains a PHP Object Injection vulnerability (CVE-2025-11993). The vulnerability exists within the \u0026lsquo;import_settings\u0026rsquo; function, which fails to properly validate data supplied via the \u0026lsquo;settings\u0026rsquo; parameter during the import configuration process. This allows authenticated attackers with Subscriber-level access or higher to inject PHP objects by exploiting the deserialization of untrusted data. While the vulnerable plugin itself lacks a Property-Oriented Programming (POP) chain, the presence of such a chain in another plugin or theme installed on the target WordPress system could allow for arbitrary file deletion, sensitive data retrieval, or even code execution. This vulnerability poses a significant risk to WordPress sites utilizing the affected plugin and underscores the importance of careful input validation and regular security audits.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to a WordPress site with at least Subscriber-level privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload containing a serialized PHP object designed to exploit a POP chain present in another installed plugin or theme.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses the import configuration functionality of the \u0026ldquo;WooCommerce Infinite Scroll and Ajax Pagination\u0026rdquo; plugin.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious serialized PHP object into the \u0026lsquo;settings\u0026rsquo; parameter of the \u0026lsquo;import_settings\u0026rsquo; function.\u003c/li\u003e\n\u003cli\u003eThe application deserializes the malicious PHP object without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eIf a suitable POP chain exists within the WordPress installation, the deserialized object triggers a sequence of method calls.\u003c/li\u003e\n\u003cli\u003eThe POP chain is exploited to perform unauthorized actions such as deleting arbitrary files, retrieving sensitive information from the database (wp-config.php), or executing arbitrary PHP code.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves remote code execution on the target server, potentially compromising the entire WordPress site.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2025-11993) could allow an attacker to gain complete control of a vulnerable WordPress website. Depending on the available POP chains, attackers could delete critical files, steal sensitive information, or inject malicious code to further compromise the server and its hosted data. The number of affected sites is potentially large, given the widespread usage of WordPress and the WooCommerce plugin.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u0026ldquo;WooCommerce Infinite Scroll and Ajax Pagination\u0026rdquo; plugin to a patched version beyond 1.8 to remediate CVE-2025-11993.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect WooCommerce Infinite Scroll PHP Object Injection Attempt\u0026rdquo; to identify exploitation attempts targeting the \u0026lsquo;import_settings\u0026rsquo; function.\u003c/li\u003e\n\u003cli\u003eRegularly audit installed WordPress plugins and themes for potential POP chains to reduce the risk of successful exploitation.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization measures to prevent deserialization of untrusted data.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T07:18:40Z","date_published":"2026-05-29T07:18:40Z","id":"https://feed.craftedsignal.io/briefs/2026-05-woocommerce-php-object-injection/","summary":"The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection (CVE-2025-11993) due to deserialization of untrusted data in the 'import_settings' function, potentially leading to arbitrary code execution if a suitable POP chain is present.","title":"WooCommerce Infinite Scroll Plugin Vulnerable to PHP Object Injection (CVE-2025-11993)","url":"https://feed.craftedsignal.io/briefs/2026-05-woocommerce-php-object-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — WooCommerce Infinite Scroll and Ajax Pagination \u003c= 1.8","version":"https://jsonfeed.org/version/1.1"}