Admin gap closed in three WordPress plugins

If you use the WooCommerce shop system together with the plugins Login/Signup Popup, Side Cart Woocommerce (Ajax) or Waitlist Woocommerce (Back in stock notifier) on your WordPress website, you should update them for security reasons.

According to a report by Wordfence security researchers, the plugins are installed on 84,000 sites. All three share a vulnerability (CVE-2022-0215, rated "high") that can be exploited.

The vulnerability lies in the settings-saving function exposed via wp_ajax. Because the handler does not verify who is making the change, attackers could alter a site's settings without authorisation (a CSRF attack). To do so, however, they have to get a logged-in admin to click on a link. If that succeeds, an attacker could, among other things, create a new admin account and gain full control over the site.
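To make the missing check concrete, here is an added illustration of the pattern described above; it is not code from any of the three plugins or from Wordfence, and the plugin name `xyz_demo`, the option name and the hook names are assumptions. The first handler shows the weakness in general terms: it is reachable only by logged-in users, but nothing ties the request to the admin's own intent or checks the admin's capability. The second handler shows the standard WordPress fix.

```php
<?php
// Added example, not code from the affected plugins. The hypothetical plugin
// "xyz_demo" stores one settings array; all names here are assumptions.

// BEFORE: hooked on wp_ajax_ only, so the caller must be logged in, but nothing
// proves the logged-in user intended this request (no nonce) or is allowed to
// change settings (no capability check). A request triggered from another site
// inside the admin's browser therefore succeeds: that is the CSRF condition.
function xyz_demo_save_settings_vulnerable() {
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    update_option( 'xyz_demo_settings', $settings );
    wp_send_json_success();
}
// add_action( 'wp_ajax_xyz_demo_save_settings', 'xyz_demo_save_settings_vulnerable' );

// AFTER: verify a nonce bound to this action and user, then verify the user's
// capability, then sanitise the input before storing it.
function xyz_demo_save_settings_fixed() {
    // Terminates the request with -1 / HTTP 403 if the nonce is missing or invalid.
    check_ajax_referer( 'xyz_demo_save_settings', 'nonce' );

    // A nonce proves intent, not permission: still check the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    $raw      = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    $settings = array();
    foreach ( $raw as $key => $value ) {
        $settings[ sanitize_key( $key ) ] = sanitize_text_field( $value );
    }
    update_option( 'xyz_demo_settings', $settings );
    wp_send_json_success();
}
add_action( 'wp_ajax_xyz_demo_save_settings', 'xyz_demo_save_settings_fixed' );

// The nonce is minted server-side on the plugin's own settings page and handed
// to that page's script, so a request forged from a third-party site cannot
// carry a valid one.
function xyz_demo_enqueue_admin_script( $hook ) {
    if ( 'settings_page_xyz-demo' !== $hook ) {
        return;
    }
    wp_enqueue_script( 'xyz-demo-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'xyz-demo-admin', 'xyzDemo', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'xyz_demo_save_settings' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'xyz_demo_enqueue_admin_script' );
```

When reviewing a plugin, the thing to look for is an `add_action( 'wp_ajax_...' )` handler that writes options without both `check_ajax_referer()` (or `wp_verify_nonce()`) and a `current_user_can()` check; either one alone is insufficient, since the nonce only shows the request came from the plugin's own page and the capability check only shows the user is privileged.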

The following versions should be protected against such attacks:

  • Login/Signup Popup 2.3
  • Side Cart Woocommerce (Ajax) 2.1
  • Waitlist Woocommerce (Back in stock notifier) 2.5.2