Recently, a vulnerability was seen in WordPress that can affect millions of online shops powered by WooCommerce plugin.
As, we all know WooCommerce is an e-commerce WordPress plugin that hosts millions of leading online stores worldwide. The vulnerability, reported by RIPS Technology allows shop managers to delete certain files on the server and take over any admin account.
Within the plugin, shop managers are employees of the store who is responsible for tracking orders, products, and customers. However, their position is ranked below admin.
Nevertheless, the privileges of an admin can be obtained through the XSS vulnerability or the phishing attack that has left more than four million WooCommerce shops under attack.
According to researchers, the file deletion vulnerabilities are not considered severe as it does not give the hacker much access to the website. However, in this case, if certain plugins of WordPress are deleted – the security checks of the website can also be disabled leading to a full site takeover.
The design flaw of WooCommerce was patched in version 3.4.6. and signifies how file deletion vulnerabilities can be used to escalate privileges.
The vulnerability was reported in August when researchers made public the proof regarding the threat to WordPress plugin.
Read Next: 51 Amazing Facts You Probably Don’t Know About WordPress (infographic)
As, we all know WooCommerce is an e-commerce WordPress plugin that hosts millions of leading online stores worldwide. The vulnerability, reported by RIPS Technology allows shop managers to delete certain files on the server and take over any admin account.
Within the plugin, shop managers are employees of the store who is responsible for tracking orders, products, and customers. However, their position is ranked below admin.
Nevertheless, the privileges of an admin can be obtained through the XSS vulnerability or the phishing attack that has left more than four million WooCommerce shops under attack.
According to researchers, the file deletion vulnerabilities are not considered severe as it does not give the hacker much access to the website. However, in this case, if certain plugins of WordPress are deleted – the security checks of the website can also be disabled leading to a full site takeover.
The design flaw of WooCommerce was patched in version 3.4.6. and signifies how file deletion vulnerabilities can be used to escalate privileges.
The vulnerability was reported in August when researchers made public the proof regarding the threat to WordPress plugin.
Read Next: 51 Amazing Facts You Probably Don’t Know About WordPress (infographic)