
New WooCommerce and WP Awesome Support Vulnerabilities

Our friends at wordfence.com have flagged an issue with WooCommerce.
It appears that there is a vulnerability that could allow an attacker to create a website that steals a WooCommerce administrator’s cookies when they visit that site, and then allows the attacker to access the target site with admin privileges. Evidence of exploits has been seen in the last 48 hours.

The vulnerability is in WooCommerce version 2.0.17, which is the current version and is still being distributed.
An updated minor release, version 2.0.18, is expected either later today or tomorrow. Users are advised to upgrade immediately once WooCommerce 2.0.18 is released.

We’ve also been told of a vulnerability in versions of the WP Awesome Support plugin that could allow an attacker to upload any file to your system. Since the last update to this plugin was on 14 September 2013, it seems that this vulnerability exists in the current version.

Lastly, there is also an arbitrary file upload vulnerability in the current version of the Magnitudo theme in the wild, so please contact the vendor for a fix. The theme was last updated in April of this year. An exploit for this is being actively distributed. Google for details.

 
