Vulnerabilities Discovered in 5 WooCommerce WordPress Plugins

The U.S. government's National Vulnerability Database (NVD) published warnings of vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations.

Many of the vulnerabilities range in severity up to Critical, rated 9.8 on a scale of 1-10.

Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, which is given to discovered vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 websites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a site plugin that allows an attacker to trick a site user into performing an unintended action.

Web browsers typically hold cookies that tell a site that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker complete access to a site, exposes sensitive customer information, and so on.

This specific vulnerability can cause an export file download. The vulnerability description doesn’t explain what file can be downloaded by an attacker.

Given that the plugin's function is to export WooCommerce order information, it may be reasonable to assume that order data is the kind of file an attacker can access.
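
The mechanism described above, as an added example (not code from the plugin or from the NVD entry): a minimal Python model of an export endpoint that trusts the session cookie alone, beside one that also requires a per-session token. The session store, handler names and `orders.csv` are hypothetical; WordPress plugins normally perform this check with nonces.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one logged-in admin session (all names hypothetical).
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-admin-1": {"user": "shop_admin", "role": "administrator"}}


def csrf_token(session_id: str) -> str:
    """Token bound to the session; rendered only into the site's own admin pages."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _authorized(cookies: dict) -> bool:
    session = SESSIONS.get(cookies.get("session", ""))
    return bool(session) and session["role"] == "administrator"


def export_orders_vulnerable(cookies: dict, params: dict) -> tuple[int, str]:
    """Trusts the session cookie alone, which the browser attaches to any request."""
    if not _authorized(cookies):
        return 403, "forbidden"
    return 200, "orders.csv"


def export_orders_hardened(cookies: dict, params: dict) -> tuple[int, str]:
    """Also requires the per-session token that a third-party page cannot read."""
    if not _authorized(cookies):
        return 403, "forbidden"
    expected = csrf_token(cookies["session"])
    supplied = str(params.get("csrf_token", ""))
    # Constant-time comparison so the check does not leak token bytes via timing.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "invalid or missing CSRF token"
    return 200, "orders.csv"


def demo() -> dict:
    cookies = {"session": "sess-admin-1"}  # sent automatically by the admin's browser
    forged = {"action": "export"}          # request started by another site: no token
    genuine = {"action": "export", "csrf_token": csrf_token("sess-admin-1")}
    return {
        "vulnerable_forged": export_orders_vulnerable(cookies, forged),
        "hardened_forged": export_orders_hardened(cookies, forged),
        "hardened_genuine": export_orders_hardened(cookies, genuine),
    }
```

The forged request succeeds against the first handler because the cookie is all it checks; the second rejects it while still serving the request that carries the token from the site's own page.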

The main vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin