Vulnerabilities Found in Five WooCommerce WordPress Plugins


The U.S. government's National Vulnerability Database (NVD) published warnings of vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations.

Several of the vulnerabilities are rated as high as Critical, scoring 9.8 on a scale of 1-10.

Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, the number given to disclosed vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 websites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that lets an attacker trick a site user into performing an unintended action.

Web browsers typically hold cookies that tell a website a user is registered and logged in. Because a forged request carries those cookies, an attacker can act with the privilege level of an administrator, which gives the attacker full access to the website, exposes sensitive customer information, and so on.

This particular vulnerability can result in an export file being downloaded. The vulnerability description does not say which file an attacker can download.

Given that the plugin's purpose is to export WooCommerce order data, it is reasonable to assume that order data is the kind of file an attacker could gain access to.
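To show where the missing check sits in a plugin of this kind, here is an added PHP illustration (not code from the plugin or from this article) of a hypothetical WordPress order-export handler, first without a nonce check and then with one; the hook names, the nonce action name and the capability used are assumptions.

```php
<?php
// Added illustration, not the plugin's code: a hypothetical export endpoint
// registered on admin-post.php. Hook names and the nonce action are assumed.

// --- Vulnerable pattern: the handler trusts the logged-in cookie alone. ---
// A request submitted from another site still carries the admin's cookies,
// so nothing here proves the admin intended to trigger the export.
add_action( 'admin_post_example_export_vulnerable', function () {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    example_stream_order_csv(); // no nonce check before the download
} );

// --- Hardened pattern: capability check plus a nonce bound to this action. ---
add_action( 'admin_post_example_export_safe', function () {
    // check_admin_referer() validates the '_wpnonce' field against the action
    // name and stops with a 403 page when it is missing, expired or forged.
    check_admin_referer( 'example_order_export' );
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    example_stream_order_csv();
} );

// The legitimate form embeds the matching nonce; a third-party page cannot read it.
function example_render_export_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_export_safe">
        <?php wp_nonce_field( 'example_order_export' ); ?>
        <button type="submit">Export orders</button>
    </form>
    <?php
}

// Stand-in for the real export: streams a small CSV of recent orders.
function example_stream_order_csv() {
    header( 'Content-Type: text/csv' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'order_id', 'total' ) );
    foreach ( wc_get_orders( array( 'limit' => 10 ) ) as $order ) {
        fputcsv( $out, array( $order->get_id(), $order->get_total() ) );
    }
    fclose( $out );
    exit;
}
```

The capability check alone does not prevent CSRF, since the forged request runs as the logged-in admin; the nonce is what ties the request to a form the admin actually submitted.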

The official vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin