Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
#1
Information 
Quote:A critical SQL-injection security vulnerability in the WooCommerce e-commerce platform and a related plugin has been under attack as a zero-day bug, researchers have disclosed.
 
The exploitation prompted WooCommerce to release an emergency patch for the issue late on Wednesday. The bug could allow unauthenticated cyberattackers to make off with scads of information from an online store’s database – anything from customer data and payment-card info to employee credentials.
 
WooCommerce, a popular open-source e-commerce platform for websites running on WordPress, is installed on more than 5 million websites globally. It allows online merchants to create storefronts with various customizable options such as payment types accepted, shipping features, sales tax calculations and so on.
 
The related plugin affected by the bug is the WooCommerce Blocks feature, which is installed on more than 200,000 sites. It helps merchants display their products on webpages.
 
The bug (CVE pending) was originally reported by Josh Ledford of Richmond, Va.-based Development Operations Security (DOS), with disclosure coordination help from HackerOne security researcher Thomas DeVoss (dawgyg). DeVoss said via Twitter that he was able to pull together a working proof-of-concept exploit, but that he wouldn’t release details of the bug until after there’s been time for merchants to apply the patch.
 
So, technical details are scant apart from the fact that it allows SQL injection – a type of attack that allows a cyberattacker to interfere with the queries that an application makes to its database. Usually this is carried out by inserting malicious SQL statements into an entry field for execution.

Read more: Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Intel Graphics Driver 32.0.101.7088 / 10...
Homepage Download...harlan4096 — 10:05
Privazer 4.0.124.2
v4.0.124.2 (01 Jul...harlan4096 — 09:58
Google Chrome 150.0.7871.46/.47
Google Chrome 150....harlan4096 — 09:55
Kali Linux 2026.2 Released With 9 New To...
Offensive Security...harlan4096 — 08:28
INTEL Arc Graphics 32.0.101.8860 driver
INTEL Arc Graphics...harlan4096 — 08:19

[-]
Birthdays
Today's Birthdays
avatar (41)optsaZes
avatar (40)RaymondViata
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>