WordPress Design Flaw + WooCommerce Flaw = Site Takeover

According to new research by Simon Scannell, a researcher for PHP Security firm RIPS Tech, a design flaw in the WordPress permission system used by plugins and a file deletion vulnerability in a very popular eCommerce plugin called WooCommerce could allow attackers to gain full control over a WordPress site.

WooCommerce by Automattic is a popular WordPress plugin that adds eCommerce functionality to a blog so that site owners can host their own stores. According to the WooCommerce plugin page at WordPress.org, there are over 4 million active installations of the plugin.

Read more about the serious WordPress flaw on BleepingComputer.





Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief