The U.S. government National Vulnerability Database (NVD) published warnings of vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations.
Many of the vulnerabilities range in severity up to Critical, rated 9.8 on a scale of 1-10.
Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identity number, which is given to discovered vulnerabilities.
1. Advanced Order Export For WooCommerce
The Advanced Order Export for WooCommerce plugin, installed in over 100,000 sites, is susceptible to a Cross-Site Request Forgery (CSRF) attack.
A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a site user into performing an unintended action.
Web browsers typically contain cookies that tell a website that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker full access to a website, exposes sensitive customer information, and so on.
This particular vulnerability can result in an export file download. The vulnerability description does not describe what file can be downloaded by an attacker.
Given that the plugin’s function is to export WooCommerce order data, it may be reasonable to assume that order data is the kind of file an attacker can access.
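The request flow described above, modeled as an added example (not code from the plugin or from the NVD entry): an export endpoint that trusts the session cookie alone, next to one that also requires a token bound to the session. The handler names, session store and sample order data are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# All names below are hypothetical; this models the bug class, not the plugin's code.
SERVER_KEY = secrets.token_bytes(32)   # per-site secret, never sent to the browser
SESSIONS = {"sess-admin-1": "admin"}   # constructed session store: cookie -> role
ORDERS_CSV = "order_id,email\n1001,alice@example.com\n"  # constructed sample data

def issue_token(session_id: str, action: str) -> str:
    """Token tied to one session and one action, embedded in the site's own forms."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def export_vulnerable(cookies: dict, params: dict) -> tuple[int, str]:
    """Authorizes on the session cookie alone, which the browser attaches to
    every request to the site, including ones triggered from another origin."""
    if SESSIONS.get(cookies.get("session")) != "admin":
        return 403, "forbidden"
    return 200, ORDERS_CSV

def export_hardened(cookies: dict, params: dict) -> tuple[int, str]:
    """Same role check, plus proof that the request came from the site's own page."""
    session_id = cookies.get("session", "")
    if SESSIONS.get(session_id) != "admin":
        return 403, "forbidden"
    expected = issue_token(session_id, "export_orders")
    supplied = params.get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    return 200, ORDERS_CSV

def simulate() -> dict:
    admin_cookies = {"session": "sess-admin-1"}  # sent automatically by the browser
    forged = {}                                   # cross-site request carries no token
    genuine = {"csrf_token": issue_token("sess-admin-1", "export_orders")}
    return {
        "vulnerable_forged": export_vulnerable(admin_cookies, forged)[0],
        "hardened_forged": export_hardened(admin_cookies, forged)[0],
        "hardened_genuine": export_hardened(admin_cookies, genuine)[0],
    }

if __name__ == "__main__":
    print(simulate())
```

In WordPress itself, this token role is played by nonces, which a handler verifies alongside a capability check before acting.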
The main vulnerability description:
“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin