Online stores have proliferated rapidly in recent years, and the vast majority of them are based on WordPress. WooCommerce, one of the most popular plugins for this type of website, has a vulnerability that could allow malicious code execution.
The plugin, installed on nearly 20,000 websites, offers a wide variety of tools for managing prices and offers for online stores.
According to researchers at Ninja Technologies, the vulnerabilities affect versions 2.4.1 and below. There are two: one is a cross-site scripting (XSS) bug, and the other is a problem when exporting a file with information.
An external attacker would be able to download a data file that may have some empty fields, place corrupted information there and then re-upload the data file to the website. In addition, the attacker would have access to a wide range of information from the database: the products offered on the website, customers' payment information and even employees' credentials.
WooCommerce users should update as soon as possible to the latest version of the plugin, since the company has already released the appropriate security patches.
Source: ThreatPost
