Description
WordPress Plugin Shoppable Images is prone to multiple vulnerabilities, including PHP object injection and cross-site request forgery vulnerabilities. A successful exploit may allow an attacker to execute arbitrary PHP code within the context of the affected webserver process or to perform certain administrative actions; other attacks are also possible. WordPress Plugin Shoppable Images version 1.0.0 is vulnerable.
Remediation
Update to plugin version 1.0.1 or latest
References
Related Vulnerabilities
WordPress Plugin Dexs PM System Cross-Site Scripting (1.0.1)
WordPress 4.9.x Denial of Service Vulnerability (4.9 - 4.9.4)
WordPress Plugin WPMovieLibrary Multiple Cross-Site Scripting Vulnerabilities (2.1.4.1)
PHP Other Vulnerability (CVE-2005-0525)
WordPress Plugin Dynamic Widgets 'id' Parameter Cross-Site Scripting (1.5.1)