The U.S. federal government's National Vulnerability Database (NVD) published warnings about vulnerabilities in 5 WooCommerce WordPress plugins affecting over 135,000 installations.
Several of the vulnerabilities range in severity up to Critical, rated 9.8 on a scale of 1-10.
Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, the number given to discovered vulnerabilities.
1. Advanced Order Export For WooCommerce
The Advanced Order Export for WooCommerce plugin, installed on over 100,000 websites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.
A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a website user into performing an unintended action.
Web browsers typically store cookies that tell a website that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker full access to a website, exposes sensitive customer information, and so on.
This particular vulnerability can result in an export file download. The vulnerability description doesn't say what file can be downloaded by an attacker.
Given that the plugin's purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the kind of file an attacker can access.
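For site owners and plugin developers, the sketch below shows the general WordPress pattern that prevents this class of bug: an export handler that trusts only the login cookie, beside one that also checks a capability and a nonce. It is an added example, not code from the Advanced Order Export plugin or from the NVD entry; the action name, function names and sample CSV rows are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Order Export (hypothetical, for illustration only)
 */

// Hypothetical action name; not taken from any real plugin.
const EXAMPLE_EXPORT_ACTION = 'example_order_export';

// UNSAFE pattern (deliberately not registered): it relies only on the login
// cookie, which the browser attaches to any request sent to the site,
// including one triggered from a page on another origin.
function example_export_unsafe() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Not logged in', '', array( 'response' => 403 ) );
    }
    example_send_export();
}

// Hardened pattern: capability check plus a nonce tied to the user and action.
function example_export_safe() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // Ends the request with a 403 if the 'nonce' field is missing or invalid.
    check_ajax_referer( EXAMPLE_EXPORT_ACTION, 'nonce' );
    example_send_export();
}
add_action( 'wp_ajax_' . EXAMPLE_EXPORT_ACTION, 'example_export_safe' );

// Placeholder export body: constructed sample rows, not real order fields.
function example_send_export() {
    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    echo "order_id,total\n1001,19.99\n";
    exit;
}

// The admin screen that legitimately offers the export embeds a fresh nonce.
function example_export_url() {
    return add_query_arg(
        array(
            'action' => EXAMPLE_EXPORT_ACTION,
            'nonce'  => wp_create_nonce( EXAMPLE_EXPORT_ACTION ),
        ),
        admin_url( 'admin-ajax.php' )
    );
}
```

A request forged from another site carries the admin's cookie but not the nonce, so the hardened handler rejects it before any export data is produced.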
The official vulnerability description:
“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin