Vulnerabilities Found in Five WooCommerce WordPress Plugins

The U.S. federal government's National Vulnerability Database (NVD) published warnings of vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations.

Many of the vulnerabilities range in severity up to Critical, rated 9.8 on a scale of 1-10.

Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, the number given to discovered vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 sites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a website user into performing an unintended action.

Browsers typically hold cookies that tell a website that a user is registered and logged in, and they send those cookies with every request to that site. By riding on that session, an attacker can assume the privilege levels of an admin. This gives the attacker complete access to a site, exposes sensitive customer information, and so on.

This particular vulnerability can result in an export file download. The vulnerability description doesn't explain what file can be downloaded by an attacker.

Given that the plugin's purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the type of file an attacker can gain access to.
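To make the mechanism concrete, the following is an added example (not code from the plugin or from the NVD entry) that models an export endpoint trusting the session cookie alone next to one that also requires a request token bound to the session and the action. The handler names, the session store and the order data are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # per-site secret, never sent to the browser
SESSIONS = {"sess-admin-1": "admin"}      # constructed session store: cookie value -> role
ORDERS_CSV = "order_id,email\n1001,alice@example.test\n"   # constructed export data


def issue_token(session_id, action):
    """Token bound to one session and one action; the site embeds it in its own forms."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def export_vulnerable(cookies, params):
    """Trusts the session cookie alone, which the browser attaches to any request."""
    if SESSIONS.get(cookies.get("session")) != "admin":
        return 403, "forbidden"
    return 200, ORDERS_CSV


def export_hardened(cookies, params):
    """Also requires a token that a page on another origin cannot read or compute."""
    session_id = cookies.get("session", "")
    if SESSIONS.get(session_id) != "admin":
        return 403, "forbidden"
    expected = issue_token(session_id, "export_orders")
    supplied = params.get("token", "")
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "invalid request token"
    return 200, ORDERS_CSV


def browser_request(handler, cookie_jar, params):
    """Models the browser: stored cookies ride along no matter who built the request."""
    return handler(dict(cookie_jar), dict(params))


if __name__ == "__main__":
    jar = {"session": "sess-admin-1"}                  # the admin is logged in
    forged = {"action": "export_orders"}               # request built by a third-party page
    genuine = {**forged, "token": issue_token("sess-admin-1", "export_orders")}
    print("vulnerable, forged:", browser_request(export_vulnerable, jar, forged)[0])
    print("hardened, forged:  ", browser_request(export_hardened, jar, forged)[0])
    print("hardened, genuine: ", browser_request(export_hardened, jar, genuine)[0])
```

In a real WordPress plugin the same check is normally done with the core nonce functions (`wp_create_nonce()` when rendering the form, `check_admin_referer()` or `wp_verify_nonce()` in the handler) together with a `current_user_can()` capability check.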

The official vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin