Hackers try to exploit them vulnerabilities SQL injection, καθώς και τρωτά σημεία better safetyς scripting (XSS) in woocommerce a WordPress plugin with more than 30.000 installations.
Discount Rules for WooCommerce is a plugin that makes it easy to manage product prices in WooCommerce online stores.
The security flaws identified and reported by WebARX could allow attackers to potentially execute code remotely to the vulnerable addresses and actions with administrator rights.
WebARX reported vulnerabilities to the plugin development team on August 7th, and in less than a week, on August 13th, version 2.1.0 updated the code for these vulnerabilities.
Based on analysis του Jong για αυτά τα τρωτά σημεία, θα μπορούσαν να επιτρέψουν στους επιτιθέμενους χωρίς έλεγχο ταυτότητας να ανακτήσουν μια λίστα όλων των χρηστών και των κωδικών κουπονιών, να εισχωρήσουν με XSS στην σελίδα διαχείρισης μιας και να τρέξουν απομακρυσμένα κώδικα.
At least 17.000 online stores are exposed to attacks
The developer of the plugin repaired the vulnerabilities on August 13th.
Despite this, the plugin has been downloaded over 12.000 times in the last 7 days based on the download history provided by the WordPress page. With these numbers representing the total number of updates and new installations.
This means that at least 17.000 WordPress pages that use WooCommerce, and have the plugin enabled, are still exposed to constant attacks.