A fairly popular WordPress plugin used for offering gift cards has a critical vulnerability that lets unauthenticated hackers perform remote scams through legitimate sites.
The vendor of the affected plugin, YITH WooCommerce Gift Cards Premium, has released a patched version, but site admins have yet to upgrade to it. Exploitation of the bug is ongoing, and researchers are warning site admins to act quickly.
Bug in a Popular Gift Card Plugin
A WordPress plugin named YITH WooCommerce Gift Cards Premium has a critical vulnerability, tracked as CVE-2022-45359, that gives hackers remote access to vulnerable sites if exploited.
The plugin is installed on over 50,000 WordPress sites, where it is used to offer online gift cards. The bug, which has a severity score of 9.8/10, will not make all the relying sites vulnerable to cyberattacks.
Discovered on November 22, 2022, the bug affects all plugin versions up to 3.19.0. Though the vendor has released a patched version, v3.21.0, it is still up to site admins to install it. Researchers noted that exploiting this bug lets unauthenticated attackers upload files to vulnerable sites, which may include backdoors for maintaining persistent access.
As such attacks are ongoing, researchers and the vendor strongly recommend applying the patched version immediately. To detect whether you are affected, Wordfence researchers said any malicious requests noted in the logs, such as unexpected POST requests from unknown IP addresses, should be considered a sign of attack.
Site admins should act immediately by removing the access and upgrading their plugin version to the patched one.
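One way to run the log check described above, as an added example that is not from Wordfence or the plugin vendor: it scans web server access log lines for POST requests from addresses outside a known list. The network list, the watched path prefix and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Common/combined access log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Assumptions: networks your admins normally connect from, and the paths
# where only they should be sending POST requests.
KNOWN_NETWORKS = ("203.0.113.0/24", "2001:db8:10::/48")
WATCH_PREFIXES = ("/wp-admin/",)

def is_known(ip_text, networks):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # a source we cannot parse is treated as unknown
    return any(ip in ipaddress.ip_network(n) for n in networks)

def unexpected_posts(lines, networks=KNOWN_NETWORKS, prefixes=WATCH_PREFIXES):
    """Map each unknown IP to its (timestamp, path, status) POST requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # malformed line or not a POST
        if not m["path"].startswith(prefixes) or is_known(m["ip"], networks):
            continue
        hits[m["ip"]].append((m["ts"], m["path"], int(m["status"])))
    return dict(hits)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2023:10:01:12 +0000] "POST /wp-admin/post.php HTTP/1.1" 200 512
198.51.100.23 - - [01/Jan/2023:10:02:40 +0000] "POST /wp-admin/index.php HTTP/1.1" 200 0
198.51.100.23 - - [01/Jan/2023:10:02:41 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 14
192.0.2.99 - - [01/Jan/2023:10:05:09 +0000] "POST /checkout/ HTTP/1.1" 200 230
198.51.100.23 - - [01/Jan/2023:10:06:00 +0000] "POST /wp-admin/index.php HTTP/1.1" 302 0
not an access log line
""".splitlines()

if __name__ == "__main__":
    for ip, reqs in unexpected_posts(SAMPLE_LOG).items():
        print(ip, len(reqs), "unexpected POST(s):", reqs)
```

A storefront receives POSTs from ordinary customers all day, so keep the watched prefixes limited to paths only administrators use; otherwise every shopper shows up as an unknown IP.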