• Serious WordPress plugin vulnerability puts thousands of sites at

    From TechnologyDaily@1337:1/100 to All on Thu Dec 2 11:45:04 2021
    Serious WordPress plugin vulnerability puts thousands of sites at risk

    Date:
    Thu, 02 Dec 2021 11:33:25 +0000

    Description:
    Attackers could exploit the vulnerability to completely take over an
    ecommerce website.

    FULL STORY ======================================================================

    Cybersecurity researchers have helped patch a security flaw in a popular WordPress plugin, which made it possible for an attacker to inject rogue JavaScript into the plugin's settings.

    Discovered by WordPress security experts at Wordfence, the vulnerability exists in the Variation Swatches for WooCommerce plugin, an extension for the popular WooCommerce plugin that enables ecommerce sites to display and sell multiple variations of a single product.

    The plugin has a user base of 80,000 installations that were affected by the stored cross-site scripting (XSS) vulnerability.

    "This flaw made it possible for an attacker with low-level permissions, such as a subscriber or a customer, to inject malicious JavaScript that would execute when a site administrator accessed the settings area of the plugin," explains Chloe Chamberland, Wordfence researcher.

    Site takeover

    Chamberland says the vulnerability exists because the plugin relies on various AJAX actions for managing settings, which weren't implemented securely. This allowed even the lowest authenticated user with minimal permissions to execute AJAX actions associated with the vulnerable functions.
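
    The pattern described above, shown as an added example rather than the plugin's own code: a settings AJAX handler with no authorization check, next to a hardened version. The action names, option name and function names are hypothetical, chosen only for illustration.

```php
<?php
// Added illustration. All "demo_*" names are hypothetical, not the plugin's.

// BEFORE: a wp_ajax_* hook fires for ANY logged-in user, including
// subscribers and customers. Nothing here checks who is calling.
add_action('wp_ajax_demo_swatch_save_v1', 'demo_swatch_save_insecure');
function demo_swatch_save_insecure() {
    // Raw request data is stored and later rendered to an administrator
    // on the settings page: the stored XSS condition.
    update_option('demo_swatch_label', $_POST['label']);
    wp_send_json_success();
}

// AFTER: verify intent, verify authority, clean the input.
add_action('wp_ajax_demo_swatch_save', 'demo_swatch_save_hardened');
function demo_swatch_save_hardened() {
    // 1. Nonce check: rejects requests that did not originate from the
    //    settings form (terminates the request on failure).
    check_ajax_referer('demo_swatch_save', 'nonce');

    // 2. Capability check: only users allowed to manage site options may
    //    change settings. wp_send_json_error() ends execution.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    // 3. Sanitize before storing: strips tags and control characters.
    $label = isset($_POST['label'])
        ? sanitize_text_field(wp_unslash($_POST['label']))
        : '';
    update_option('demo_swatch_label', $label);
    wp_send_json_success();
}

// 4. Escape on output as well, so a value stored before the fix (or written
//    by another code path) cannot break out of the attribute.
function demo_swatch_render_field() {
    printf(
        '<input type="text" name="label" value="%s" />',
        esc_attr(get_option('demo_swatch_label', ''))
    );
}
```

    Each of the four steps closes a different gap; the capability check is the one that addresses the low-privilege access described in the article.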

    "As always, malicious web scripts can be crafted to inject new administrative user accounts or even modify a plugin or theme file to include a backdoor which in turn would grant the attacker the ability to completely take over a site," said Chamberland, commenting on the implications of the bug.

    The developers of the plugin have fixed the flaw and released a patched version of the extension, urging all its users to make sure their installations are fully updated.



    ======================================================================
    Link to news story: https://www.techradar.com/news/serious-wordpress-plugin-vulnerability-puts-thousands-of-sites-at-risk/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)