OrgWordPress

News And More

Admin gap closed in three WordPress plugins
All News 

Admin gap closed in three WordPress plugins

Ad

If you use the Woocommerce shop system in combination with the plugins Login/Signup Popup, Side Cart Woocommerce (Ajax) or Waitlist Woocommerce (Back in stock notifier) ​​on your WordPress website, you should update the software for security reasons .

According to a report by Wordfence security researchers, the plug-ins are installed on 84,000 pages. All three plugins have a vulnerability (CVE-2022-0215 ​​”high“) attackable.

Admin account for attackers

The vulnerability is in the save-settings-Function via wp_ajax. Since it is not checked here who makes changes, attackers could make illegal settings on websites (CSFR attack). To do this, however, they have to get a logged-in admin to click on a link. If that works, an attacker could, among other things, create a new admin account and gain full control over a site.

The following versions should be protected against such attacks:

  • Login/Signup Popup 2.3
  • Sidecart WooCommerce (Ajax) 2.1
  • Waitlist Woocommerce ( Back in stock notifier ) 2.5.2

(of)

To home page