Skip to main content

Vulns in online shopping toolkit WooCommerce can blast a hole in your WordPress security

posted onNovember 7, 2018
by l33tdawg
The Register
Credit: The Register

A vulnerability in the WooCommerce online store platform, used by over four million vendors, can be exploited to hijack WordPress installations hosting the software.

Researchers at RIPSTech discovered and reported the flaw directly to WooCommerce's developers, who cleaned up the bug in version 3.4.6 – so make sure you're running that.

If exploited, the bug allows users with a shop manager account in WooCommerce the ability to delete files on the server and, possibly, take over admin accounts. That means rogue employees, or someone with access to their accounts, could vandalize or tamper with the host website, and so on. "The way WordPress handles privileges is by assigning certain capabilities to different roles," explained RIPSTech researcher Simon Scannell

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th