WordPress Bug Endangers WooCommerce Shop Owners

Online merchants using WordPress as a platform can become victims of a new remote code execution flaw. A new security report reveals that the bug can interact with the WooCommerce plugin; as a result, criminals can take over the shops.




WooCommerce Sites Can Be Hijacked By The WordPress Bug: The Hackers Will Take Control

The WordPress content management system is a popular tool for setting up websites of all types, including web shops. A team of security researchers has now discovered a critical flaw in it. According to the released information, the e-commerce plugin is affected by a file deletion bug that allows hackers to take control of the sites. This is done by escalating their privileges and eventually executing the necessary code on the hacked sites.


The quoted reason is the “roles” system, which is used to assign privilege access levels to the visitors of the shop. By deleting a certain file via the main WordPress bug, the hackers will be able to take over control of the shops. Access to the configuration file can be gained via several of the popular intrusion strategies:

  • Cross-Site Scripting (XSS) Attacks — They seek to manipulate the browsers by calling dangerous scripts and commands that can lead to the execution of the necessary code. They are often located on fake web sites or communities. In many cases the hackers can mask them as useful tutorials or guides.
  • Phishing Sites — The criminals can also construct fake landing pages that pose as official domains of WordPress or the WooCommerce plugin. They can use similar-sounding domain names or security certificates in order to coerce the visitors into interacting with them.
  • Virus Infections — Malware infections like Trojans can manipulate the system into executing the dangerous behavior.

We remind our readers that WordPress sites are constantly being targeted by various attacks; a recent example is the September global phishing scam. A patch fixing the arbitrary file deletion vulnerability was released to WordPress site owners in October. We recommend that all users apply all the latest updates to secure their online shops. For more information on the matter, read the public disclosure.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
