The U.S government National Vulnerability Database (NVD) released warnings of vulnerabilities in 5 WooCommerce WordPress plugins impacting over 135,000 setups.
Many of the vulnerabilities vary in intensity to as high as Crucial and rated 9.8 on a scale of 1-10.
Every vulnerability was assigned a CVE identity number (Common Vulnerabilities and Direct exposures) given to found vulnerabilities.
1. Advanced Order Export For WooCommerce
The Advanced Order Export for WooCommerce plugin, installed in over 100,000 sites, is vulnerable to a Cross-Site Demand Forgery (CSRF) attack.
A Cross-Site Demand Forgery (CSRF) vulnerability develops from a flaw in a website plugin that permits an opponent to deceive a site user into carrying out an unexpected action.
Website browsers usually include cookies that inform a website that a user is signed up and logged in. An enemy can assume the opportunity levels of an admin. This provides the enemy complete access to a site, exposes sensitive client info, and so on.
This particular vulnerability can result in an export file download. The vulnerability description does not explain what file can be downloaded by an assailant.
Given that the plugin’s purpose is to export WooCommerce order data, it may be sensible to presume that order information is the sort of file an enemy can gain access to.
The main vulnerability description:
“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin