The U.S. federal government's National Vulnerability Database (NVD) published warnings about vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations.
Many of the vulnerabilities range in severity as high as Critical, rated 9.8 on a scale of 1-10.
Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier, the number given to discovered vulnerabilities.
1. Advanced Order Export For WooCommerce
The Advanced Order Export for WooCommerce plugin, installed on over 100,000 sites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.
A Cross-Site Request Forgery (CSRF) vulnerability arises from a flaw in a website plugin that allows an attacker to trick a site user into performing an unintended action.
Web browsers typically hold cookies that tell a website that a user is registered and logged in. An attacker can assume the privilege levels of an admin. This gives the attacker full access to a website, exposes sensitive customer information, and so on.
This particular vulnerability can result in an export file download. The vulnerability description doesn't say what file can be downloaded by an attacker.
Given that the plugin's purpose is to export WooCommerce order data, it may be reasonable to assume that order data is the kind of file an attacker can access.
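The advisory does not show the affected code, so the following is an added example, not the plugin's own code: a hypothetical WordPress export handler that carries the two checks whose absence makes an export action forgeable. The plugin slug `demo-order-export`, the action name `demo_export_orders`, the nonce field name and the CSV columns are all assumptions made for illustration.

```php
<?php
/**
 * Hypothetical plugin "demo-order-export" (illustrative only).
 * An export endpoint that relies on the login cookie alone can be triggered
 * by any page the admin visits; the nonce below ties the request to a form
 * the site itself rendered for that user.
 */

// Render the export form with a per-user, per-action nonce.
function demo_export_form() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        return;
    }
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="demo_export_orders">';
    wp_nonce_field( 'demo_export_orders', 'demo_export_nonce' );
    submit_button( 'Export orders' );
    echo '</form>';
}

add_action( 'admin_post_demo_export_orders', 'demo_export_orders' );

function demo_export_orders() {
    // State-changing or data-returning admin actions should not run on GET.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed', '', array( 'response' => 405 ) );
    }
    // Authorization: the logged-in user must be allowed to manage the shop.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // CSRF check: dies unless the request carries a valid nonce for this
    // action. A cross-site page cannot read the nonce, so it cannot forge it.
    check_admin_referer( 'demo_export_orders', 'demo_export_nonce' );

    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'order_id', 'total' ) ); // constructed sample columns
    foreach ( wc_get_orders( array( 'limit' => 50 ) ) as $order ) {
        fputcsv( $out, array( $order->get_id(), $order->get_total() ) );
    }
    fclose( $out );
    exit;
}
```

When reviewing a plugin, look for `admin_post_*` and `wp_ajax_*` handlers that return or change data without both a capability check and a nonce check.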
The official vulnerability description:
“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin