Vulnerabilities Discovered in Five WooCommerce WordPress Plugins

The U.S. federal government's National Vulnerability Database (NVD) published warnings about vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations.

The vulnerabilities vary in severity, with ratings as high as Critical, 9.8 on a scale of 1-10.

Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, the number given to discovered vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 websites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a website user into performing an unintended action.

Web browsers typically contain cookies that tell a website that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker complete access to a website, exposes sensitive customer information, and so on.

This specific vulnerability can lead to an export file download. The vulnerability description doesn't describe what file can be downloaded by an attacker.

Given that the plugin's purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the kind of file an attacker can access.
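
To illustrate the mechanism described above, the following Python example (added here, not code from the plugin or from the NVD entry) models an export endpoint twice: once trusting the session cookie alone, and once also requiring a per-session, per-action token, which is the role nonces play in WordPress. The handler names, session store, token scheme and order data are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)          # server-side secret, never sent to the browser
SESSIONS = {"sess-admin-1": "administrator"}  # constructed: session cookie -> role
ORDERS_CSV = "order_id,email\n1001,alice@example.test\n"  # constructed order data


def csrf_token(session_id, action):
    """Token bound to one session and one action; embedded in the site's own forms."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def export_vulnerable(cookies, params):
    """Trusts the session cookie alone, so any request the browser sends passes."""
    if SESSIONS.get(cookies.get("session")) != "administrator":
        return 403, "forbidden"
    return 200, ORDERS_CSV


def export_hardened(cookies, params):
    """Also requires a token that a page on another origin cannot read or compute."""
    session_id = cookies.get("session", "")
    if SESSIONS.get(session_id) != "administrator":
        return 403, "forbidden"
    expected = csrf_token(session_id, "export_orders")
    supplied = params.get("csrf_token", "")
    # Constant-time comparison on bytes avoids timing leaks and non-ASCII errors.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "missing or invalid CSRF token"
    return 200, ORDERS_CSV


# The browser attaches the admin's cookie automatically to both requests.
admin_cookies = {"session": "sess-admin-1"}
# Request triggered from another site: cookie present, no token available.
cross_site_request = {"action": "export_orders"}
# Request from the site's own admin form, which embeds the token.
same_site_request = {"action": "export_orders",
                     "csrf_token": csrf_token("sess-admin-1", "export_orders")}

if __name__ == "__main__":
    print("vulnerable, cross-site:", export_vulnerable(admin_cookies, cross_site_request)[0])
    print("hardened,   cross-site:", export_hardened(admin_cookies, cross_site_request)[0])
    print("hardened,   same-site: ", export_hardened(admin_cookies, same_site_request)[0])
```

The cookie is identical in all three calls; only the token, which the other origin cannot obtain, distinguishes the admin's own form submission from the forged request.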

The official vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin