Hackers try to exploit SQL injection vulnerabilities as well as vulnerabilities in scripting security (XSS) in WooCommerce a WordPress plugin with more than 30.000 installations.
The Discount Rules for WooCommerce is a plugin that makes it easy to manage product prices in online stores WooCommerce.
Security vulnerabilities identified and reported by WebARX could allow intruders to possibly execute remote code in vulnerable addresses and administrator-enabled actions.
WebARX reported the vulnerabilities to the plugin development team on August 7, and in less than a week, on August 13, version 2.1.0 updated the code for these vulnerabilities.
Based on Jong's analysis of these vulnerabilities, they could allow attackers without authentication to retrieve a list of all users and coupon codes, enter the admin page with XSS, and run remote code.
At least 17.000 online stores are exposed to attacks
The developer of the plugin fixed the vulnerabilities on August 13th.
Despite this, the plugin has been downloaded over 12.000 times in the last 7 days based on the download history provided by the WordPress page. With these numbers representing the total number of updates and new installations.
This indicates that at least 17.000 WordPress pages use the WooCommerce, and have the plugin enabled, are still exposed to constant attacks.
Wacker: Breaking WPA3 using dictionary
Comment Policy:
IGuRu.gr does not post comments directly. Malicious comments, comments that include ads, or comments with insults are deleted without any notice. We do not adopt the views expressed by our readers.
Your comments will be displayed after approval by the administrators