WordPress, WooCommerce flaws combine to allow website hijacking
#1
Quote:A flaw in how WordPress handles privilege assignments can be exploited to permit attackers to hijack WooCommerce websites.

The issue in the content management system (CMS) was discovered by Simon Scannell, a security researcher from RIPS Technologies, who said in a blog post that the design flaw specifically impacts WooCommerce, a popular WordPress plugin which has been downloaded over four million times.

"The vulnerability allows shop managers to delete certain files on the server and then to take over any administrator account," the security researcher says.

The plugin has been developed by Automattic and is a free e-commerce system for WordPress-based websites.

A file deletion bug was found in the software, and on its own, would generally not be considered critical as the best an attacker could do would be to delete index.php pages and cause a denial of service. However, when coupled with the WordPress design flaw, the bug's severity increases.

Source: https://www.zdnet.com/article/wordpress-...hijacking/
[-] The following 1 user says Thank You to silversurfer for this post:
  â€˘ harlan4096
Reply


Messages In This Thread
WordPress, WooCommerce flaws combine to allow website hijacking - by silversurfer - 07 November 18, 15:22

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AnyDesk 9.7.9 for Windows
Version 9.7.9 for ...harlan4096 — 15:57
uBOLite 2026.705.2152 (already available...
uBOLite 2026.705.2...harlan4096 — 10:23
Microsoft Warns Windows 11 Enterprise De...
Microsoft has issu...harlan4096 — 10:22
QOwnNotes
26.7.1 Added a ne...Kool — 05:26
NanaZip 6.5 Update (6.5.1767.0)
NanaZip 6.5 Update...harlan4096 — 19:15

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>