• WordPress force updates thousands of websites following WooCommer

    From TechnologyDaily@1337:1/100 to All on Fri Mar 24 12:00:03 2023
    WordPress force updates thousands of websites following WooCommerce security breach

    Date:
    Fri, 24 Mar 2023 11:47:35 +0000

    Description:
    Flaw in WooCommerce WordPress add-on allowed hackers to take over the website.

    FULL STORY ======================================================================

    Top website builder WordPress has pushed an urgent update to users with the WooCommerce add-on installed in response to a highly disruptive security vulnerability.

    Cybersecurity researchers from GoldNetwork recently discovered a major flaw affecting WooCommerce Payments 4.8.0 and higher. WooCommerce is an
    open-source ecommerce WordPress plugin designed to service small and medium-sized businesses.

    Explaining the bug in more detail, researchers from WordFence (a
    cybersecurity team focused on WordPress) claim the bug allows threat actors
    to "impersonate an administrator and completely take over a website without any user interaction or social engineering required."

    Disaster avoided

    WooCommerce devs have now released a security update, and the good news (or
    so it seems right now) is that the Swiss researchers were the first ones to discover the flaw.

    "At this time we have no evidence that the vulnerability was exploited beyond identifying it in our own security testing program. We do not believe any store or customer data was compromised as a result of this vulnerability," BleepingComputer cited Beau Lebens, Head of Engineering at WooCommerce.

    "We immediately deactivated the impacted services and mitigated the issue for all websites hosted on WordPress.com, Pressable, and WPVIP."

    If you have a WordPress site with WooCommerce, chances are it's already been updated: "We shipped a fix and worked with the WordPress.org Plugins Team to auto-update sites running WooCommerce Payments 4.8.0 through 5.6.1 to patched versions. The update is currently being automatically rolled out to as many stores as possible," Lebens said.

    Here are all the vulnerable WooCommerce Payments versions: 4.8.2, 4.9.1,
    5.0.4, 5.1.3, 5.2.2, 5.3.1, 5.4.1, 5.5.2, and 5.6.2.

    If your website is still running any of the above-mentioned versions, chances are it still hasn't been updated. To do so manually, head to your WP Admin dashboard, navigate to Plugins, find WooCommerce Payments, and look for a notification about the vulnerability, as well as the instructions on how to update.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/wordpress-force-updates-thousands-of-websites-following-woocommerce-security-breach


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)