WordPress Design Flaw + WooCommerce Flaw = Site Takeover

According to new research by Simon Scannell, a researcher at PHP security firm RIPS Tech, a design flaw in the WordPress permission system used by plugins, combined with a file deletion vulnerability in the very popular eCommerce plugin WooCommerce, could allow attackers to gain full control over a WordPress site.

WooCommerce by Automattic is a popular WordPress plugin that adds eCommerce functionality to a blog so that site owners can host their own stores. According to the WooCommerce plugin page at WordPress.org, there are over 4 million active installations of the plugin.

Read more about the serious WordPress flaw on BleepingComputer.