If you own an eCommerce website built on WordPress and powered by the WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store.
A WordPress security company called “Plugin Vulnerabilities,” which recently went rogue to protest against the moderators of WordPress’s official support forum, has once again dropped details and a proof-of-concept exploit for a critical flaw in a widely used WordPress plugin.
To be clear, the reported unpatched vulnerability doesn’t reside in the WordPress core or WooCommerce plugin itself.
Instead, the vulnerability exists in a plugin, called WooCommerce Checkout Manager, that extends the functionality of WooCommerce by allowing eCommerce sites to customise forms on their checkout pages and is currently being used by more than 60,000 websites.
The vulnerability in question is an “arbitrary file upload” issue that can be exploited by unauthenticated, remote attackers if the vulnerable sites have the “Categorise Uploaded Files” option enabled within the WooCommerce Checkout Manager plugin settings.
“From the more technical aspect, vulnerability occurs inside ‘includes/admin.php’ file at line 2084 on which application is moving given files to a directory using ‘move_uploaded_file’ without prior proper check for allowed files,” explains a blog post published Thursday by web application security platform WebARX, which warned its users after Plugin Vulnerabilities made the flaw public.
If exploited, the flaw could allow attackers to execute arbitrary server-side script code in the context of the web server process and compromise the application to access or modify data or gain administrative access.
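The missing control WebARX describes is a check of the file against an allowed list before ‘move_uploaded_file’ runs. The following is an added example of such a check, not code from the plugin, WebARX or Plugin Vulnerabilities; the function name store_checkout_upload(), the constants ALLOWED_TYPES and MAX_BYTES, and the allowed types themselves are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened upload handler, not the plugin's code.
// Assumed names: store_checkout_upload(), ALLOWED_TYPES, MAX_BYTES.

const ALLOWED_TYPES = [            // allowed extension => expected MIME type
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'pdf'  => 'application/pdf',
];
const MAX_BYTES = 5 * 1024 * 1024; // assumed size limit (5 MiB)

function store_checkout_upload(array $file, string $destDir): string
{
    // Reject failed uploads and anything PHP did not receive via HTTP POST.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File size not allowed');
    }

    // Allowlist on the final extension of the client-supplied name.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('File type not allowed');
    }

    // Content must match the extension; the client-sent $file['type'] is ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('File content does not match extension');
    }

    // Server-generated name: no client-controlled path or double extension survives.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    return $target;
}
```

Passing a $destDir that the web server does not execute scripts from adds a second layer if a check is ever bypassed.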