Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
Quote: A critical SQL-injection security vulnerability in the WooCommerce e-commerce platform and a related plugin has been under attack as a zero-day bug, researchers have disclosed.
 
The exploitation prompted WooCommerce to release an emergency patch for the issue late on Wednesday. The bug could allow unauthenticated cyberattackers to make off with scads of information from an online store’s database – anything from customer data and payment-card info to employee credentials.
 
WooCommerce, a popular open-source e-commerce platform for websites running on WordPress, is installed on more than 5 million websites globally. It allows online merchants to create storefronts with various customizable options such as payment types accepted, shipping features, sales tax calculations and so on.
 
The related plugin affected by the bug is the WooCommerce Blocks feature, which is installed on more than 200,000 sites. It helps merchants display their products on webpages.
 
The bug (CVE pending) was originally reported by Josh Ledford of Richmond, Va.-based Development Operations Security (DOS), with disclosure coordination help from HackerOne security researcher Thomas DeVoss (dawgyg). DeVoss said via Twitter that he was able to pull together a working proof-of-concept exploit, but that he wouldn’t release details of the bug until after there’s been time for merchants to apply the patch.
 
So, technical details are scant apart from the fact that it allows SQL injection – a type of attack that allows a cyberattacker to interfere with the queries that an application makes to its database. Usually this is carried out by inserting malicious SQL statements into an entry field for execution.

Read more: Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases | Threatpost