The U.S government National Vulnerability Database (NVD) released cautions of vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 setups.
A lot of the vulnerabilities vary in seriousness to as high as Critical and rated 9.8 on a scale of 1-10.
Every vulnerability was assigned a CVE identity number (Common Vulnerabilities and Direct exposures) given to found vulnerabilities.
1. Advanced Order Export For WooCommerce
The Advanced Order Export for WooCommerce plugin, set up in over 100,000 sites, is susceptible to a Cross-Site Demand Forgery (CSRF) attack.
A Cross-Site Demand Forgery (CSRF) vulnerability emerges from a defect in a site plugin that permits an opponent to fool a site user into carrying out an unexpected action.
Site internet browsers typically contain cookies that tell a site that a user is registered and logged in. An enemy can presume the opportunity levels of an admin. This gives the enemy complete access to a website, exposes delicate consumer information, and so on.
This specific vulnerability can result in an export file download. The vulnerability description doesn’t describe what file can be downloaded by an enemy.
Given that the plugin’s purpose is to export WooCommerce order data, it may be affordable to presume that order information is the type of file an assailant can access.
The main vulnerability description:
“Cross-Site Demand Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin