
WooCommerce fixes a serious vulnerability

WooCommerce has been updated to fix a serious vulnerability that could be exploited without authentication. Administrators are advised to install the latest version of the platform, as the flaw affects more than 90 versions starting with 5.5.0.



The affected WooCommerce plugin has more than five million installations.

In a post today, the WooCommerce team says the bug is critical and affects both the main WooCommerce plugin and the WooCommerce Blocks plugin, which is used to display products in posts and pages.

Both plugins received an update to version 5.5.1, and the fix was also released for the affected version branches (WooCommerce 3.3 to 5.5 and WooCommerce Blocks 2.5 to 5.5).

The vulnerability has not yet received a tracking number, but its severity rating was calculated at 8.2 out of 10 by Patchstack.


Risk of exploitation

Existing WooCommerce installations are currently receiving the code update with the help of the WordPress.org Plugin Team. Sites on the WordPress.com blogging platform have already received the fix.

At the same time, the WooCommerce team sent out an email informing users about the vulnerability.

An attacker exploiting this SQL injection flaw could obtain information about the store, administrative details, and data about orders and customers.

WooCommerce strongly recommends updating to the latest version followed by changing passwords.


Developers learned about the bug after a security researcher named Josh reported it through Automattic's bug bounty program on HackerOne.

The vulnerability appears to be under active exploitation by some attackers. Wordfence has seen "extremely limited evidence" of hacking attempts, suggesting that the attacks are highly targeted. Looking at the data, researchers saw that the attacks were coming from four IP addresses:

  • 107.173.148.66
  • 84.17.37.76
  • 122.161.49.71

The number of attacks is expected to increase when an exploit becomes more widely available.

Source of information: bleepingcomputer.com

Teo Ehc, https://secnews.gr