WebARX discovered the flaws on August 7th 2020 in Discount Rules for WooCommerce, a plugin found on over 30,000 websites that allows ecommerce website owners to create valuable discount codes for their products. A patch to fix the vulnerabilities was released soon after.
With the update released, it is important that website admins update the plugin to avoid any intrusions, says WebARX.
An unauthenticated attacker can execute the binary code by easily exploiting the stored cross-site scripting (XSS) vulnerability.
SecurityWeek reported, “an attacker looking to exploit the vulnerabilities would first have to crawl the internet for affected WordPress websites by looking for the ‘woocommerce’ string in their source code. Once a potential target has been found, they can send it a malicious payload.”
According to studies, the challenges observed by experts in the website security industry are primarily related to a lack of prevention, knowledge, and software education.