WordPress Bug Endangers WooCommerce Shop Owners

Online merchants using WordPress as a platform can become victims of a new remote code execution flaw. A new security report reveals that the bug can interact with the WooCommerce plugin; as a result, criminals can take over the shops.




WooCommerce Sites Can Be Hijacked By The WordPress Bug: The Hackers Will Take Control

The WordPress content management system is a popular tool for setting up websites of all types, including web shops. A team of security researchers has now discovered a critical flaw in it. According to the released information, the e-commerce plugin is affected by a file deletion bug which allows hackers to take control of the sites. This is done by escalating their privileges and eventually executing the necessary code on the hacked sites.

The quoted reason is the “roles” system, which is used to assign privilege access levels to the visitors of the shop. By deleting a certain file via the main WordPress bug, the hackers will be able to take control of the shops. Access to the configuration file can be gained via several popular intrusion strategies:

  • Cross-Site Scripting (XSS) Attacks — They seek to manipulate the browsers by calling dangerous scripts and commands that can lead to the execution of the necessary code. They are often located on fake web sites or communities. In many cases the hackers can mask them as useful tutorials or guides.
  • Phishing Sites — The criminals can also construct fake landing pages that pose as official domains of WordPress or the WooCommerce plugin. They can use similar sounding domain names or security certificates in order to coerce the visitors into interacting with them.
  • Virus Infections — Malware infections like Trojans can manipulate the system into executing the dangerous behavior.

We remind our readers that WordPress sites are constantly being targeted by various attacks; a recent example is the September global phishing scam. A patch fixing the arbitrary file deletion vulnerability was released to WordPress site owners in October. We recommend that all users apply all the latest updates to secure their online shops. For more information on the matter, read the public disclosure.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast, he enjoys writing about the latest threats and mechanisms of intrusion.
