The U.S. federal government's National Vulnerability Database (NVD) published warnings of vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations.
Many of the vulnerabilities range in severity up to Critical, rated 9.8 on a scale of 1-10.
Each vulnerability was assigned a CVE identity number (Common Vulnerabilities and Exposures), which is given to discovered vulnerabilities.
1. Advanced Order Export For WooCommerce
The Advanced Order Export for WooCommerce plugin, installed on over 100,000 websites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.
A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a website user into performing an unintended action.
Web browsers typically store cookies that tell a website that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker full access to a website, exposes sensitive customer information, and so on.
This specific vulnerability can result in an export file download. The vulnerability description doesn't explain what file can be downloaded by an attacker.
Given that the plugin's purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the kind of file an attacker can access.
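To make the CSRF class concrete, here is an added example (not code from the Advanced Order Export plugin or from the NVD entry) of a WordPress export handler that trusts the login cookie alone, next to the same handler with a nonce check. The plugin header, the example_* function names and the example_export_orders action are hypothetical.

```php
<?php
/* Plugin Name: Example Order Export (hypothetical, illustration only) */

// Shared helper: streams a small CSV of order IDs and totals.
function example_send_export() {
    header( 'Content-Type: text/csv' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    foreach ( wc_get_orders( array( 'limit' => 50 ) ) as $order ) {
        echo (int) $order->get_id() . ',' . (float) $order->get_total() . "\n";
    }
    exit;
}

// BEFORE (deliberately not hooked): the capability check passes for any
// request that carries the admin's login cookie, and the browser attaches
// that cookie no matter which site caused the request to be sent.
function example_export_orders_unsafe() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    example_send_export();
}

// AFTER: the request must also carry a nonce tied to this action and user.
// Only a page rendered by the site for that user can embed a valid one.
add_action( 'admin_post_example_export_orders', 'example_export_orders' );
function example_export_orders() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Stops the request unless $_REQUEST['_wpnonce'] is valid for this action.
    check_admin_referer( 'example_export_orders' );
    example_send_export();
}

// The admin-side form embeds the nonce as a hidden _wpnonce field.
function example_export_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_export_orders">
        <?php wp_nonce_field( 'example_export_orders' ); ?>
        <button type="submit">Export orders</button>
    </form>
    <?php
}
```

When reviewing a plugin for this class of flaw, check that every state-changing or data-returning admin handler has both a capability check and a nonce check; either one alone is not enough.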
The official vulnerability description:
“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin