A WordPress WooCommerce plugin vulnerability threatened more than 60,000 websites. The vulnerability in the WooCommerce Checkout Manager plugin could allow arbitrary file uploads. Users should upgrade to the latest plugin version, 4.3, to avoid possible exploitation following the public disclosure of the flaw.
WordPress WooCommerce Plugin Vulnerability
Reportedly, a critical WordPress WooCommerce plugin vulnerability put hundreds of websites at risk of being hacked. The flaw existed in WooCommerce Checkout Manager and would allow a potential attacker to perform arbitrary file uploads. What makes this dangerous is that the researchers have made full disclosure of the flaw because of conflicts with moderators on the WordPress forum.
“Due to the moderators of the WordPress Support Forum’s continued inappropriate behavior we are full disclosing vulnerabilities in protest until WordPress gets that situation cleaned up.”
The researchers from Plugin Vulnerabilities have described the flaw, along with a proof of concept, in their blog post. As reported, the flaw existed in the ‘Categorized File Upload’ setting of the plugin. While the plugin has the file upload feature inactive by default, an enabled ‘Categorized File Upload’ option could allow an attacker to upload any .php file to a location they could access.
Flaw Patched Recently
According to the stats shown on the plugin’s site, WooCommerce Checkout Manager has more than 60,000 active installations. This means that the flaw discussed above could threaten all of these >60,000 websites.
Following the public disclosure of the vulnerability, the developers, Visser Labs, quickly pulled the plugin to avoid any mishaps. The developer Michael Visser also disclosed that he was working on a fix in response to the PV blog post.
Fortunately, the patched version of the plugin is now available, as evident from the announcement made by Michael Visser. Users of this plugin should now upgrade to the latest version, 4.3, to stay protected.
“Please upgrade to the 4.3 Plugin release immediately to patch a known security issue before it’s actively exploited. All you need to do is update.”
WooCommerce Checkout Manager is a dedicated plugin for managing the checkout pages of online stores by providing WooCommerce functionality to the site pages.
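A defender's check for the two points the article makes, the 4.3 fix and the uploaded .php file, written as an added example that is not from the article or the plugin's own code: it reads the Version header of an installed plugin and lists PHP-executable files under an uploads directory. The directory names, the extension list and the sample tree (including its 4.2.6 version string) are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 3)  # patched release named in the article
# Assumption: extensions your web server may hand to the PHP interpreter.
PHP_EXT = {".php", ".phtml", ".phar", ".php5", ".php7"}

def parse_version(header_text):
    """Extract 'Version:' from a WordPress plugin header as a tuple of ints."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_patched(version):
    """True only when a version was found and it is >= 4.3."""
    return version is not None and version >= FIXED

def plugin_version(plugin_dir):
    """Read the header from the first top-level .php file that declares one."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        v = parse_version(php.read_text(errors="replace")[:8192])
        if v is not None:
            return v
    return None

def find_php_uploads(uploads_dir):
    """List files under uploads whose name carries a PHP extension anywhere,
    so 'x.php.jpg' is flagged too (some handler configs execute it)."""
    root = Path(uploads_dir)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and any(s.lower() in PHP_EXT for s in p.suffixes))

if __name__ == "__main__":
    # Constructed sample tree; point the two calls at a real site instead.
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp, "plugins", "plugin-under-test")  # hypothetical name
        uploads = Path(tmp, "uploads", "2019", "04")
        plugin.mkdir(parents=True)
        uploads.mkdir(parents=True)
        (plugin / "main.php").write_text("<?php\n/*\n * Plugin Name: Demo\n * Version: 4.2.6\n */\n")
        (uploads / "invoice.pdf").write_bytes(b"%PDF-")
        (uploads / "avatar.PHP").write_text("<?php // constructed\n")
        v = plugin_version(plugin)
        print("version:", v, "patched:", is_patched(v))
        print("php in uploads:", find_php_uploads(Path(tmp, "uploads")))
```

A hit from `find_php_uploads` is a prompt for review rather than proof of compromise; pair it with a server rule that stops the uploads directory from executing PHP.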