Vulnerabilities Discovered in 5 WooCommerce WordPress Plugins

The U.S. government National Vulnerability Database (NVD) published warnings of vulnerabilities in 5 WooCommerce WordPress plugins affecting over 135,000 installations.

Several of the vulnerabilities are rated as high as Critical, scoring 9.8 on a scale of 1-10.

Every vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, which is given to discovered vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 websites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a site user into performing an unintended action.

Web browsers typically hold cookies that tell a site that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker complete access to a website, exposes sensitive customer information, and so on.

This particular vulnerability can lead to an export file download. The vulnerability description does not describe what file can be downloaded by an attacker.

Given that the plugin's purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the kind of file an attacker can access.
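For plugin developers, the standard WordPress defense against this class of flaw is a nonce check combined with a capability check on every state-changing or data-returning handler. The following is an added example, not code from the Advanced Order Export plugin or from the NVD entry; the action name `example_export_orders` and the helper `example_export_url()` are hypothetical.

```php
<?php
// Hypothetical plugin code for illustration; names are assumptions.

// Build the export link with a nonce bound to the current user and this action.
function example_export_url() {
    return add_query_arg(
        array(
            'action'   => 'example_export_orders',
            '_wpnonce' => wp_create_nonce( 'example_export_orders' ),
        ),
        admin_url( 'admin-ajax.php' )
    );
}

// Registered for logged-in users only (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_example_export_orders', 'example_export_orders' );

function example_export_orders() {
    // 1. CSRF check. The browser attaches the admin's login cookies to any
    //    request sent to the site, so cookies alone do not prove intent.
    //    The nonce is only present in links this site rendered for this user.
    if ( ! check_ajax_referer( 'example_export_orders', '_wpnonce', false ) ) {
        wp_die( 'Invalid or missing nonce.', 'Forbidden', array( 'response' => 403 ) );
    }

    // 2. Authorization check. A valid nonce does not imply the user is
    //    allowed to read order data.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }

    // 3. Only now produce the export file.
    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );

    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'order_id', 'total' ) );
    foreach ( wc_get_orders( array( 'limit' => 50 ) ) as $order ) {
        fputcsv( $out, array( $order->get_id(), $order->get_total() ) );
    }
    fclose( $out );
    exit;
}
```

When reviewing a plugin, a handler hooked to `wp_ajax_*` or `admin_post_*` that lacks both checks before producing output is the pattern to flag.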

The official vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin