Vulnerabilities in WordPress and WooCommerce Worry Website Admins

Image courtesy: FluidRank

Websites powered by WordPress and WooCommerce have been warned of cyber attacks and of vulnerabilities discovered by researchers in a plugin.

WebARX discovered the flaws on August 7th, 2020 in Discount Rules for WooCommerce, a plugin found on over 30,000 websites that allows ecommerce website owners to create valuable discount codes for their products. A patch to fix the vulnerabilities was released soon after.

With the update released, it is important that website admins update the plugin to avoid any intrusions, says WebARX.

An unauthenticated attacker can easily exploit the stored cross-site scripting (XSS) flaw to execute binary code.

SecurityWeek reported, “an attacker looking to exploit the vulnerabilities would first have to crawl the internet for affected WordPress websites by looking for the ‘woocommerce’ string in their source code. Once a potential target has been found, they can send it a malicious payload.”

WebARX observed that the attackers are injecting malicious JavaScript files and redirecting visitors to a fictitious site containing malware.

According to studies, the challenges observed by experts in the website security industry are primarily related to a lack of prevention, knowledge, and software education.