Admin gap closed in three WordPress plugins

If you use the Woocommerce shop system in combination with the plugins Login/Signup Popup, Side Cart Woocommerce (Ajax) or Waitlist Woocommerce (Back in stock notifier) on your WordPress website, you should update the software for security reasons .

According to a report by Wordfence security researchers, the plug-ins are installed on 84,000 pages. All three plugins have a vulnerability (CVE-2022-0215 ”high“) attackable.

Admin account for attackers

The vulnerability is in the save-settings-Function via wp_ajax. Since it is not checked here who makes changes, attackers could make illegal settings on websites (CSFR attack). To do this, however, they have to get a logged-in admin to click on a link. If that works, an attacker could, among other things, create a new admin account and gain full control over a site.

The following versions should be protected against such attacks:

Login/Signup Popup 2.3
Sidecart WooCommerce (Ajax) 2.1
Waitlist Woocommerce ( Back in stock notifier ) 2.5.2

Asteroid Apocalypse: How big does an asteroid have to be to wipe out humanity?

Rating of the best computer cases in Ukraine – TOP-10 models

M1 Abrams: American tank for the liberation of Ukrainian land

AMD Ryzen 9 7950X ($699) and Ryzen 5 7600X ($299) – Zen 4 processor performance and specs using high and low models

20 giant companies that ruled the Internet – from the late 1990s to today

Mobile anti-aircraft missile system NASAMS – device, capabilities, importance for Ukraine

High-tech counteroffensive: how the Switchblade 600 kamikaze drone will help Ukrainian soldiers

Shahed-136 kamikaze drones from Iran – how dangerous and how to counter them

We treat blackout inexpensively – affordable and compact means of backup power supply and heating

Admin gap closed in three WordPress plugins

Admin account for attackers