The U.S. government National Vulnerability Database (NVD) published warnings of vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations.
Many of the vulnerabilities range in severity up to Critical, rated 9.8 on a scale of 1-10.
Every vulnerability was assigned a CVE identity number (Common Vulnerabilities and Exposures), which is given to discovered vulnerabilities.
1. Advanced Order Export For WooCommerce
The Advanced Order Export for WooCommerce plugin, installed in over 100,000 sites, is susceptible to a Cross-Site Request Forgery (CSRF) attack.
A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a site user into performing an unintended action.
Web browsers typically contain cookies that tell a website that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker full access to a website, exposes sensitive customer information, and so on.
This specific vulnerability can lead to an export file download. The vulnerability description doesn’t describe what file can be downloaded by an attacker.
Considering that the plugin’s purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the type of file an attacker can access.
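The kind of missing check that produces a CSRF bug in an export feature, shown as an added example (not code from the plugin or from the advisory): a hypothetical WordPress export handler before and after a capability and nonce check. The action name, function names and CSV columns are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example Order Export (hypothetical, illustration only)
 */

// Hypothetical action name; not taken from any real plugin.
const EXAMPLE_EXPORT_ACTION = 'example_export_orders';

// BEFORE: trusts the login cookie alone. The browser attaches that cookie to
// any request it sends to the site, so the handler cannot tell a click in the
// dashboard from a request triggered by a third-party page. Not registered.
function example_export_unprotected() {
    example_stream_orders_csv();
}

// AFTER: the request must come from a user allowed to manage the shop AND
// carry a nonce that only a page rendered for that user could contain.
function example_export_protected() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    check_admin_referer( EXAMPLE_EXPORT_ACTION ); // dies on a missing or bad nonce
    example_stream_orders_csv();
}
add_action( 'admin_post_' . EXAMPLE_EXPORT_ACTION, 'example_export_protected' );

// The legitimate export form embeds the nonce as a hidden _wpnonce field.
function example_render_export_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="' . esc_attr( EXAMPLE_EXPORT_ACTION ) . '">';
    wp_nonce_field( EXAMPLE_EXPORT_ACTION );
    submit_button( 'Export orders' );
    echo '</form>';
}

// Streams a few order fields as CSV (columns chosen for the example).
function example_stream_orders_csv() {
    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'order_id', 'billing_email', 'total' ) );
    foreach ( wc_get_orders( array( 'limit' => 50, 'type' => 'shop_order' ) ) as $order ) {
        fputcsv( $out, array( $order->get_id(), $order->get_billing_email(), $order->get_total() ) );
    }
    fclose( $out );
    exit;
}
```

When auditing a plugin, every state-changing or data-returning handler hooked to `admin_post_*` or `wp_ajax_*` should show both checks before it does any work.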
The official vulnerability description:
“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin