Vulnerabilities Discovered in 5 WooCommerce WordPress Plugins

The U.S. government National Vulnerability Database (NVD) published warnings of vulnerabilities in 5 WooCommerce WordPress plugins affecting over 135,000 installations.

Many of the vulnerabilities range in severity up to Critical, rated 9.8 on a scale of 1-10.

Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, which is given to discovered vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 sites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a site user into performing an unintended action.

Web browsers typically hold cookies that tell a site that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker full access to a site, exposes sensitive customer information, and so on.

This particular vulnerability can lead to an export file download. The vulnerability description doesn’t say which file an attacker can download.

Given that the plugin’s purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the type of file an attacker can gain access to.
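The sketch below shows how a CSRF gap of this kind typically looks in a WordPress export handler, next to the usual fix. It is an added example, not code from the Advanced Order Export plugin; every name prefixed `example_`, the AJAX action names and the nonce action are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Order Export (hypothetical, for illustration only)
 */

// BEFORE: the export is gated only by the login cookie. The browser attaches
// that cookie to any request for this URL, including one triggered by a
// third-party page the logged-in admin happens to visit.
add_action('wp_ajax_example_export_unsafe', function () {
    example_send_export();
});

// AFTER: require a capability AND a nonce bound to the user and the action.
add_action('wp_ajax_example_export', function () {
    if (!current_user_can('manage_woocommerce')) {
        wp_die('Forbidden', '', array('response' => 403));
    }
    // Stops the request if the _wpnonce parameter is missing or invalid.
    check_ajax_referer('example_export_orders', '_wpnonce');
    example_send_export();
});

// Streams a small CSV of orders (hypothetical export format).
function example_send_export() {
    nocache_headers();
    header('Content-Type: text/csv; charset=utf-8');
    header('Content-Disposition: attachment; filename="orders.csv"');
    $out = fopen('php://output', 'w');
    fputcsv($out, array('order_id', 'total'));
    foreach (wc_get_orders(array('limit' => 10)) as $order) {
        fputcsv($out, array($order->get_id(), $order->get_total()));
    }
    fclose($out);
    exit;
}

// The legitimate admin screen links to the export with the nonce attached,
// so only requests that originate from that screen pass the check above.
function example_export_url() {
    return wp_nonce_url(
        admin_url('admin-ajax.php?action=example_export'),
        'example_export_orders'
    );
}
```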

The official vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin