Vulnerabilities Found in Five WooCommerce WordPress Plugins

The U.S. government's National Vulnerability Database (NVD) published warnings about vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations.

Many of the vulnerabilities range in severity up to Critical, rated 9.8 on a scale of 1-10.

Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, which is given to discovered vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed in over 100,000 websites, is susceptible to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a website user into performing an unintended action.

Web browsers typically hold cookies that tell a website that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker complete access to a site, exposes sensitive customer information, and so on.

This specific vulnerability can result in an export file download. The vulnerability description does not explain what file can be downloaded by an attacker.

Given that the plugin’s purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the kind of file an attacker can gain access to.
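The missing check described above, as an added example that is not the plugin's code: a framework-free Python model of an export handler that trusts the session cookie alone, beside one that also requires a token bound to the session and action. The handler names, session store, parameter names and key are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # per-site secret (constructed)
SESSIONS = {"sess-admin-1": "admin"}      # constructed session store: cookie -> role

def issue_token(session_id: str, action: str) -> str:
    """Token the site embeds in its own export form, bound to session and action."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def export_vulnerable(cookies: dict, params: dict) -> int:
    """Trusts the cookie alone; the browser sends it on cross-site requests too."""
    if SESSIONS.get(cookies.get("session")) != "admin":
        return 403
    return 200  # the export file would be generated and returned here

def export_hardened(cookies: dict, params: dict) -> int:
    """Also requires a token that only pages served by the site itself contain."""
    session_id = cookies.get("session", "")
    if SESSIONS.get(session_id) != "admin":
        return 403
    expected = issue_token(session_id, "export_orders").encode()
    supplied = str(params.get("csrf_token", "")).encode()
    if not hmac.compare_digest(expected, supplied):   # constant-time comparison
        return 403
    return 200

def demo() -> dict:
    admin_cookies = {"session": "sess-admin-1"}   # attached automatically by the browser
    forged = {"format": "csv"}                    # request built by another site: no token
    genuine = {"format": "csv",
               "csrf_token": issue_token("sess-admin-1", "export_orders")}
    return {
        "vulnerable_forged": export_vulnerable(admin_cookies, forged),
        "hardened_forged": export_hardened(admin_cookies, forged),
        "hardened_guessed": export_hardened(admin_cookies, {**forged, "csrf_token": "0" * 64}),
        "hardened_genuine": export_hardened(admin_cookies, genuine),
        "hardened_no_session": export_hardened({}, genuine),
    }

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

In WordPress, the corresponding control is a nonce created with `wp_create_nonce()` and checked with `wp_verify_nonce()` or `check_admin_referer()`, together with a capability check such as `current_user_can()`.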

The official vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin