Vulnerabilities Found in 5 WooCommerce WordPress Plugins

The U.S. government's National Vulnerability Database (NVD) published warnings of vulnerabilities in 5 WooCommerce WordPress plugins affecting over 135,000 installations.

The vulnerabilities range in severity to as high as Important and rated 9.8 on a scale of 1-10.

Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, the number given to discovered vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 sites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a site user into performing an unintended action.

Web browsers typically hold cookies that tell a website that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker full access to a website, exposes sensitive customer information, and so on.

This particular vulnerability can result in an export file download. The vulnerability description does not say what file can be downloaded by an attacker.

Given that the plugin’s purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the kind of file an attacker can access.
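The defense against this class of flaw in a WordPress export handler, as an added example that is not the plugin's own code: a capability check alone passes whenever the admin's cookie is sent, so the handler must also verify a per-user, per-action nonce. The action name `example_export_orders`, the `example_*` functions and the CSV contents are hypothetical.

```php
<?php
/**
 * Plugin Name: Example export CSRF guard (constructed illustration)
 */
defined( 'ABSPATH' ) || exit;

// Hypothetical action name, not taken from any real plugin.
const EXAMPLE_EXPORT_ACTION = 'example_export_orders';

// Placeholder export body; the data below is constructed.
function example_send_export() {
    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    echo "order_id,total\n1001,19.99\n";
    exit;
}

// Exposed pattern, shown for contrast and deliberately not hooked:
// the browser attaches the admin's session cookie to any request, so
// this check passes even when another site triggered the request.
function example_export_unprotected() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    example_send_export();
}

// Hardened pattern: authorization plus proof that the request came
// from a link or form this site rendered for this user.
function example_export_protected() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Stops the request unless _wpnonce is valid for this action and user.
    check_admin_referer( EXAMPLE_EXPORT_ACTION );
    example_send_export();
}
add_action( 'admin_post_' . EXAMPLE_EXPORT_ACTION, 'example_export_protected' );

// URL for the admin UI's download link; the nonce is appended as _wpnonce.
function example_export_url() {
    $url = admin_url( 'admin-post.php?action=' . EXAMPLE_EXPORT_ACTION );
    return wp_nonce_url( $url, EXAMPLE_EXPORT_ACTION );
}
```

WordPress nonces are tied to the logged-in user and expire, so a request forged from another origin cannot supply a valid `_wpnonce` value.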

The main vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin