WordPress sites vulnerable to WooCommerce plugin flaw | Cyber Security

0
Want create site? Find Free WordPress Themes and plugins.

 

Researchers have published details of a dangerous in the way the hugely popular interacts with that could allow an attacker with access to a single account to take over an entire site.

WooCommerce’s four million plus users were first alerted to the issue a few weeks back in the release notes for the updated version:

Versions 3.4.5 and earlier are affected by a handful of issues that allow Shop Managers to exceed their capabilities and perform malicious actions.

This week, PHP company RIPS Technologies published the research that led to this warning which gives WooCommerce and WordPress admins more of the gory detail.

There are two parts to the vulnerability, the first of which the researchers describe as a “design flaw in the privilege system of WordPress.”

The second, in WooCommerce itself, is an apparently simple file deletion vulnerability affecting versions 3.4.5 and earlier.

Which of the two is the bigger issue will depend on whether you worry more about a site’s e-commerce function or happen to be its admin – either way, the combination spells trouble.


Did you find apk for android? You can find new Free Android Games and apps.

You might also like More from author

Leave A Reply

Your email address will not be published.