Vulnerabilities Found in 5 WooCommerce WordPress Plugins

The U.S. federal government's National Vulnerability Database (NVD) published warnings of vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations.

The vulnerabilities range in severity up to Important, with scores as high as 9.8 on a scale of 1-10.

Every vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, the number given to discovered vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 websites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a site plugin that allows an attacker to trick a website user into performing an unintended action.

Web browsers normally hold cookies that tell a site that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker full access to a site, exposes sensitive customer information, and so on.

This particular vulnerability can cause an export file download. The vulnerability description doesn't say what file can be downloaded by an attacker.

Given that the plugin's purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the type of file an attacker can access.
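To show what a CSRF defense on an export action looks like in WordPress, here is an added example that is not the plugin's own code or its actual fix. All `exo_` names, the menu slug and the sample rows are hypothetical; it assumes WordPress with WooCommerce active.

```php
<?php
/**
 * Plugin Name: Example Order Export (hypothetical, for illustration only)
 */

// Register a Tools page that shows the export form (assumed placement).
add_action( 'admin_menu', function () {
    add_management_page( 'Order export', 'Order export',
        'manage_woocommerce', 'exo-export', 'exo_render_export_form' );
} );

// Render the export button with a nonce tied to this action and user session.
function exo_render_export_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="exo_export_orders">';
    wp_nonce_field( 'exo_export_orders', 'exo_nonce' );
    submit_button( 'Export orders' );
    echo '</form>';
}

// Handles the form post sent to admin-post.php with action=exo_export_orders.
function exo_handle_export() {
    // Without the two checks below, the handler would rely on the login
    // cookie alone, which the browser also attaches to forged requests.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops the request if the nonce is missing, expired or invalid.
    check_admin_referer( 'exo_export_orders', 'exo_nonce' );

    // Constructed sample rows; a real export would query order data here.
    $rows = array( array( 'order_id', 'total' ), array( '1001', '19.99' ) );

    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    $out = fopen( 'php://output', 'w' );
    foreach ( $rows as $row ) {
        fputcsv( $out, $row, ',', '"', '\\' );
    }
    fclose( $out );
    exit;
}
add_action( 'admin_post_exo_export_orders', 'exo_handle_export' );
```

The capability check and the nonce check answer different questions: the first confirms the logged-in user may export at all, the second confirms the request came from the site's own form rather than from another origin.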

The main vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin