Vulnerabilities Discovered in 5 WooCommerce WordPress Plugins

The U.S. federal government's National Vulnerability Database (NVD) published warnings of vulnerabilities in 5 WooCommerce WordPress plugins affecting over 135,000 installations.

Many of the vulnerabilities range in severity up to Critical, rated 9.8 on a scale of 1-10.

Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, which is given to discovered vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 sites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a website user into performing an unintended action.

Web browsers typically hold cookies that tell a website that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker full access to a website, exposes sensitive customer information, and so on.

This particular vulnerability can result in an export file download. The vulnerability description does not say which file an attacker can download.

Given that the plugin's purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the kind of file an attacker can access.
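The missing check behind this class of bug, shown as an added example that is not code from the plugin or from the NVD entry: a hypothetical export handler that trusts the login cookie alone, next to a version that also requires a capability and a WordPress nonce. Every "myexport" name is invented for illustration; the WordPress and WooCommerce functions called are existing core APIs.

```php
<?php
// Hypothetical plugin code for illustration; not the Advanced Order Export source.

// Weak form: the handler runs for any logged-in admin request. The browser attaches
// the login cookie to every request for the site, including one that a third-party
// page caused the browser to send, so the cookie proves nothing about intent.
add_action( 'admin_post_myexport_download_weak', function () {
    myexport_send_orders_csv(); // no capability check, no nonce check
    exit;
} );

// Hardened form: require a capability and a per-user, per-action nonce.
add_action( 'admin_post_myexport_download', function () {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops with a 403 unless $_REQUEST['_wpnonce'] is valid for this action and user.
    check_admin_referer( 'myexport_download' );
    myexport_send_orders_csv();
    exit;
} );

// The admin screen embeds the nonce in the form, so only a request that started
// from this screen carries a valid token.
function myexport_render_button() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="myexport_download">';
    wp_nonce_field( 'myexport_download' ); // emits the hidden _wpnonce field
    submit_button( 'Download export' );
    echo '</form>';
}

// Minimal export body (constructed): streams order id and total as CSV.
function myexport_send_orders_csv() {
    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'order_id', 'total' ) );
    foreach ( wc_get_orders( array( 'limit' => 50 ) ) as $order ) {
        fputcsv( $out, array( $order->get_id(), $order->get_total() ) );
    }
    fclose( $out );
}
```

When auditing a plugin, look for `admin_post_*`, `wp_ajax_*` and `admin_init` callbacks that act on request parameters without a `check_admin_referer()`, `check_ajax_referer()` or `wp_verify_nonce()` call before the action is taken.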

The official vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin