Vulnerabilities Found in Five WooCommerce WordPress Plugins

The U.S. government's National Vulnerability Database (NVD) published advisories for vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations.

The vulnerabilities range in severity up to Critical, rated 9.8 on a scale of 1-10.

Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, which is given to discovered vulnerabilities.

1. Advanced Order Export For WooCommerce

The Advanced Order Export for WooCommerce plugin, installed on over 100,000 websites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a site user into performing an unintended action.

Website browsers typically contain cookies that tell a site that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker full access to a website, exposes sensitive customer information, and so on.

This particular vulnerability can lead to an export file download. The vulnerability description doesn't describe what file can be downloaded by an attacker.

Given that the plugin's purpose is to export WooCommerce order information, it might be reasonable to assume that order information is the sort of file an attacker can access.
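The general CSRF defense for an export action in a WordPress plugin, shown as an added example that is not code from Advanced Order Export For WooCommerce or from the advisory. The action name, nonce name and `example_*` functions are hypothetical, and the code assumes it is loaded inside WordPress with WooCommerce active.

```php
<?php
// Added example: hypothetical plugin code, not taken from the affected plugin.
// All example_* names and the nonce/action strings are assumptions.

// BEFORE: the handler trusts the session cookie alone, so a request that
// originates from a page on another site is processed like a genuine one.
add_action( 'admin_post_example_export_orders', 'example_export_unsafe' );
function example_export_unsafe() {
    example_stream_orders_csv();
    exit;
}

// AFTER: the handler requires a capability and a per-user, per-action nonce
// that a third-party page cannot read or predict.
add_action( 'admin_post_example_export_orders_safe', 'example_export_safe' );
function example_export_safe() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops the request if the nonce is missing, wrong or expired.
    check_admin_referer( 'example_export_orders', 'example_export_nonce' );
    example_stream_orders_csv();
    exit;
}

// The admin form that legitimately triggers the export embeds the nonce.
function example_render_export_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_export_orders_safe">
        <?php wp_nonce_field( 'example_export_orders', 'example_export_nonce' ); ?>
        <button type="submit">Export orders</button>
    </form>
    <?php
}

// Hypothetical export routine; a real plugin would query order data here.
function example_stream_orders_csv() {
    header( 'Content-Type: text/csv' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'order_id', 'total' ) ); // constructed header row
    fclose( $out );
}
```

The capability check and the nonce check cover different failures: the first limits who may export, the second confirms the request came from the site's own form.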

The official vulnerability description:

“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin