Mar 28, 2023
WooCommerce’s serious vulnerability allows unauthorized WordPress website takeover
Posted by Saúl Morales Rodriguéz in category: business
A serious flaw has been found in WooCommerce, a popular plug-in for managing online businesses built on the WordPress platform. The flaw might enable cybercriminals to take control of websites. The WooCommerce team has provided fixes, but attackers are able to reverse-engineer the patch. Technical specifics of the vulnerability have not yet been disclosed. The component that contains the vulnerability is the WooCommerce Payments plug-in, which presently has approximately 500,000 active installations. The creators of WooCommerce have stated that managed WordPress hosting providers such as WordPress.com, Pressable, and WPVIP have automatically updated the websites hosted on their platforms. Administrators of other websites that do not already have automatic updates turned on should immediately apply the update that is specific to their version.
Any version of WooCommerce Payments released after 4.8.0, which was published at the end of September, is susceptible to the vulnerability. Automattic has made the following updated versions available: 4.8.2, 4.9.1, 5.0.4, 5.1.3, 5.2.2, 5.3.1, 5.4.1, 5.5.2 and 5.6.2.
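For administrators checking several sites against the version list above, the following is an added example, not code from the original post or from WooCommerce. It maps an installed WooCommerce Payments version to the fixed release for its branch. The hostnames and inventory are constructed, and two assumptions are built in: 4.8.0 itself is flagged along with later releases, and releases newer than 5.6.2 are assumed to carry the fix.

```python
import re

# Fixed releases listed in the post, one per minor branch.
FIXED = ["4.8.2", "4.9.1", "5.0.4", "5.1.3", "5.2.2",
         "5.3.1", "5.4.1", "5.5.2", "5.6.2"]
FIRST_AFFECTED = (4, 8, 0)  # assumption: 4.8.0 itself is flagged too


def parse(version):
    """Turn 'X.Y.Z' into (X, Y, Z); reject anything else (betas, blanks)."""
    if not re.fullmatch(r"\d+\.\d+\.\d+", version.strip()):
        raise ValueError(version)
    return tuple(int(p) for p in version.strip().split("."))


FIX_FOR_BRANCH = {parse(v)[:2]: v for v in FIXED}
NEWEST_FIX = max(parse(v) for v in FIXED)


def assess(version):
    """Return (status, version_to_install_or_None) for one installed version."""
    try:
        v = parse(version)
    except ValueError:
        return ("unknown", None)          # unparseable: check by hand
    if v < FIRST_AFFECTED:
        return ("not-affected", None)
    if v > NEWEST_FIX:
        return ("patched", None)          # assumption: later releases keep the fix
    fix = FIX_FOR_BRANCH.get(v[:2])
    if fix is None:
        return ("unknown", None)          # branch not in the post's list
    return ("patched", None) if v >= parse(fix) else ("vulnerable", fix)


def audit(inventory):
    """Map each host that needs action to its status and target version."""
    results = {host: assess(ver) for host, ver in inventory.items()}
    return {h: r for h, r in results.items() if r[0] in ("vulnerable", "unknown")}


# Constructed inventory (hostnames and versions are made up for the example).
SITES = {"shop-a.example": "5.6.1", "shop-b.example": "4.8.0",
         "shop-c.example": "5.3.1", "shop-d.example": "4.7.2",
         "shop-e.example": "5.5.0-beta"}

if __name__ == "__main__":
    for host, (status, target) in sorted(audit(SITES).items()):
        print(f"{host}: {status}" + (f", install {target}" if target else ""))
```

Sites reported as "unknown" have a version string or branch the list does not cover and need a manual check.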