Cybersecurity specialists recommend that e-commerce WordPress sites running the WooCommerce plugin remain alert because of a critical vulnerability that, if exploited, could let attackers take control of transactions on a compromised site.

Plugin Vulnerabilities, a company dedicated to the security of WordPress sites, disclosed the flaw and also published details of a proof of concept for its exploitation. The company has had serious disagreements with the official WordPress support team, which it accuses of covering up some security issues on the platform.
The specialists point out that the vulnerability does not reside in WordPress itself or in the WooCommerce plugin. According to the report, it lies in WooCommerce Checkout Manager, an add-on that extends WooCommerce and lets e-commerce sites customize the layout of their checkout forms. The plugin is estimated to be in use on around 60k active websites.

This is an arbitrary file upload vulnerability that can be exploited remotely when a site has the "categorize uploaded files" feature enabled in the WooCommerce Checkout Manager plugin.
According to the specialists, the vulnerability resides in the 'includes/admin.php' file, where uploaded files are moved into a directory with 'move_uploaded_file' without first performing the appropriate checks. If exploited, the vulnerability would allow a threat actor to run server-side scripts, compromising the application to access stored data or gain administrator-level access.
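To show what "the appropriate checks" around 'move_uploaded_file' look like in practice, here is a hardened upload handler. It is an added example written for this article, not code from WooCommerce Checkout Manager or WordPress; the function name, the form field name 'checkout_file', the destination directory and the size limit are assumed for illustration.

```php
<?php
// Added example, not the plugin's code. A validating wrapper around
// move_uploaded_file(): every check below is one the report says was missing.

function safe_store_upload(array $file, string $dest_dir, array $allowed): ?string {
    // 1. Reject PHP-level upload errors and anything that is not a genuine
    //    upload from this request (blocks path tricks via tmp_name).
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // 2. Size limit (assumed value: 5 MiB).
    if ($file['size'] > 5 * 1024 * 1024) {
        return null;
    }
    // 3. Extension allowlist; the client-supplied name is only used to read
    //    the extension, never to name the stored file.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }
    // 4. Sniff the real content type and require it to match the extension,
    //    so a PHP script renamed to .png is rejected.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== $allowed[$ext]) {
        return null;
    }
    // 5. Random file name plus the allowlisted extension, written to a
    //    directory the web server does not serve, and not executable.
    $dest = rtrim($dest_dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0640);
    return $dest;
}

// Assumed usage: only images and PDFs, stored outside the document root.
$allowed = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'pdf' => 'application/pdf'];
$stored  = safe_store_upload($_FILES['checkout_file'] ?? [], '/var/uploads-private', $allowed);
```

Inside WordPress, plugin code should normally hand uploads to wp_handle_upload(), which applies the core file type and extension checks rather than calling move_uploaded_file directly.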
Specialists from the International Institute of Cyber Security (IICS) recommend that e-commerce site managers who use this plugin disable the "categorize uploaded files" feature, at least until the vendor releases an update that fixes the vulnerability.

Despite constant complaints from the official WordPress support forum, Plugin Vulnerabilities keeps disclosing security flaws in software compatible with the platform, which has led WordPress to place the firm on its blacklist.