Vulnerabilities Found in 5 WooCommerce WordPress Plugins

The U.S. federal government's National Vulnerability Database (NVD) published warnings of vulnerabilities in 5 WooCommerce WordPress plugins affecting over 135,000 installations.

Many of the vulnerabilities range in severity to as high as Critical, rated 9.8 on a scale of 1-10.

Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, the number given to discovered vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 sites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a website user into performing an unintended action.

Web browsers typically hold cookies that tell a website that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker full access to a website, exposes sensitive customer information, and so on.

This specific vulnerability can lead to an export file download. The vulnerability description does not say what file an attacker can download.

Given that the plugin's purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the kind of file an attacker can access.
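To show the defense against the CSRF pattern described above, here is an added example (not code from the plugin or from the original article) of a WordPress export handler that verifies the request method, the user's capability and a nonce before it sends a file. Every `demo_*` name, the CSV columns and the file name are hypothetical.

```php
<?php
// Added example. Hypothetical plugin code: every demo_* name is illustrative.
const DEMO_EXPORT_ACTION = 'demo_order_export';
const DEMO_EXPORT_NONCE  = '_demo_export_nonce';

// Admin page form: wp_nonce_field() embeds a token bound to this user,
// session and action, which a third-party page cannot read or predict.
function demo_render_export_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="' . esc_attr( DEMO_EXPORT_ACTION ) . '">';
    wp_nonce_field( DEMO_EXPORT_ACTION, DEMO_EXPORT_NONCE );
    submit_button( 'Export orders' );
    echo '</form>';
}

// admin-post.php fires admin_post_{action} for logged-in users only.
add_action( 'admin_post_' . DEMO_EXPORT_ACTION, 'demo_handle_export' );

function demo_handle_export() {
    // Data-returning actions should not be reachable by a plain GET link.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed.', '', array( 'response' => 405 ) );
    }
    // Authorization: is this account allowed to export orders at all?
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // CSRF check: the cookie is sent automatically by the browser, the nonce
    // is not. check_admin_referer() ends the request if it is missing or invalid.
    check_admin_referer( DEMO_EXPORT_ACTION, DEMO_EXPORT_NONCE );

    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );

    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'order_id', 'total' ) );
    foreach ( wc_get_orders( array( 'limit' => 50 ) ) as $order ) {
        fputcsv( $out, array( $order->get_id(), $order->get_total() ) );
    }
    fclose( $out );
    exit;
}
```

The capability check and the nonce check answer different questions: the first confirms the account may export orders, the second confirms the request came from the site's own form rather than from another page using the admin's cookies.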

The official vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin