Vulnerabilities Discovered in 5 WooCommerce WordPress Plugins


The U.S. federal government's National Vulnerability Database (NVD) published advisories for vulnerabilities in 5 WooCommerce WordPress plugins, affecting over 135,000 installations.

Some of the vulnerabilities are rated as high as Critical, with a score of 9.8 on a scale of 1-10.

Every vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, the number given to publicly disclosed vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 sites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a site plugin that allows an attacker to trick a logged-in website user into performing an action they did not intend.

Web browsers typically hold cookies that tell a site the user is registered and logged in, and the browser sends those cookies automatically with any request to that site, including a forged one. An attacker can thereby act with the privilege level of an admin. This can give the attacker full access to a website, expose sensitive customer information, and so on.

This particular vulnerability can result in an export file download. The vulnerability description does not specify which file an attacker could download.

Given that the plugin's function is to export WooCommerce order data, it is reasonable to assume that order information is the kind of file an attacker could access.
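The root cause of a CSRF flaw like the one described above is an action handler that trusts the login cookie alone. The following is an added example, not code from the affected plugin: a hypothetical WordPress export handler in its vulnerable form beside a hardened form that ties the request to a nonce and a capability check (the handler, action and nonce names are made up; the WordPress and WooCommerce functions used are real).

```php
<?php
// Added example, not the plugin's own code. Handler, action and nonce names
// are hypothetical; the WordPress/WooCommerce functions are real.

// BEFORE: the export runs for any logged-in user who reaches the URL.
// A forged cross-site request carries the victim's login cookies, so this
// check alone cannot distinguish an intended click from a forged one.
function demo_export_orders_vulnerable() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Login required' );
    }
    demo_stream_order_export();
}
add_action( 'admin_post_demo_export', 'demo_export_orders_vulnerable' );

// AFTER: the export link carries a nonce bound to the current user's session,
// and the handler refuses to run unless that nonce verifies and the user is
// actually permitted to read order data.
function demo_export_button_html() {
    $url = wp_nonce_url(
        admin_url( 'admin-post.php?action=demo_export_safe' ),
        'demo_export_orders',  // nonce action
        'demo_export_nonce'    // query-string key that carries the nonce
    );
    return '<a class="button" href="' . esc_url( $url ) . '">Export orders</a>';
}

function demo_export_orders_safe() {
    // Capability check: only users allowed to manage the shop may export.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions', 'Forbidden', array( 'response' => 403 ) );
    }
    // CSRF check: the nonce must match the action and this user's session.
    // check_admin_referer() calls wp_die() itself when verification fails.
    check_admin_referer( 'demo_export_orders', 'demo_export_nonce' );
    demo_stream_order_export();
}
add_action( 'admin_post_demo_export_safe', 'demo_export_orders_safe' );

function demo_stream_order_export() {
    // Placeholder for the real export (query orders, build CSV). Only the
    // response headers and a header row are shown here.
    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    echo "order_id,total\n";
    exit;
}
```

The nonce alone does not replace the capability check: a nonce proves the request came from a page the user loaded, while `current_user_can()` proves the user should be allowed to export at all.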

The official vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin