Vulnerable code has been discovered in the WooCommerce Payments plugin for the WordPress content management system (CMS) that could allow an unauthenticated attacker to gain administrative privileges and take over a website.
The findings come from WordPress security firm Wordfence, which described the flaw as a major authentication bypass in a blog post published Thursday.
A Wordfence blog post written by senior threat researcher Ram Gall explains how the team discovered the vulnerability after analyzing version 5.6.2 of the WooCommerce Payments plugin on the same day it was released.
“We have reviewed the update and found that it removed vulnerable code that could allow an unauthenticated attacker to impersonate an administrator and take complete control of a website without the need for user interaction or social engineering,” writes Gall.
The researchers also noted that the changelog entry for version 5.6.2 of the plugin listed only “security updates,” without mentioning any details of the critical flaw that was patched.
“Regardless of what version of Wordfence you are using, we recommend that you immediately update to the latest version of the WooCommerce Payments plugin (5.6.2 at the time of this writing),” warned Gall. “WooCommerce Payments is installed on over 500,000 sites and this is a serious vulnerability.”
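Because the changelog gives no detail beyond “security updates,” the only reliable way to know whether a site is exposed is the installed plugin version itself. The following script is an added example, not code from the article, Wordfence or Automattic: it parses the standard WordPress plugin header block (the `Version:` line) from each site's plugin main file and flags any install below 5.6.2. The site names and header text are constructed sample data; the assumption that the header lives in `wp-content/plugins/woocommerce-payments/woocommerce-payments.php` is mine and should be verified against the actual install.

```python
import re
from typing import Dict, Optional, Tuple

# Version the article names as the fix; anything below it is treated as exposed.
PATCHED_VERSION = "5.6.2"

# Matches the "Version:" field of a WordPress plugin header, with or without the
# leading " * " that a PHP doc-comment block puts in front of each line.
HEADER_RE = re.compile(
    r"^\s*\*?\s*Version:\s*(?P<v>[0-9][0-9A-Za-z.\-+]*)\s*$", re.MULTILINE
)


def parse_plugin_version(header_text: str) -> Optional[str]:
    """Return the 'Version:' value from a plugin header block, or None if absent."""
    m = HEADER_RE.search(header_text)
    return m.group("v") if m else None


def version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '5.6.2' into (5, 6, 2) so versions compare numerically, not as strings.

    Pre-release suffixes such as '5.6.2-beta' are dropped before comparison.
    """
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    return tuple(int(part) for part in core.split("."))


def is_vulnerable(installed: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the installed version is older than the patched release."""
    return version_tuple(installed) < version_tuple(patched)


def audit(headers: Dict[str, str]) -> Dict[str, str]:
    """Classify each site as 'vulnerable', 'patched' or 'unknown' from its header text."""
    result = {}
    for site, header in headers.items():
        version = parse_plugin_version(header)
        if version is None:
            result[site] = "unknown"          # header missing or malformed: inspect by hand
        elif is_vulnerable(version):
            result[site] = "vulnerable"
        else:
            result[site] = "patched"
    return result


# Constructed sample headers standing in for the contents of
# wp-content/plugins/woocommerce-payments/woocommerce-payments.php on three sites.
SAMPLE_HEADERS = {
    "shop-a.example": "<?php\n/**\n * Plugin Name: WooCommerce Payments\n * Version: 5.6.1\n */\n",
    "shop-b.example": "<?php\n/**\n * Plugin Name: WooCommerce Payments\n * Version: 5.6.2\n */\n",
    "shop-c.example": "<?php\n/**\n * Plugin Name: WooCommerce Payments\n * Version: 5.10.0\n */\n",
    "shop-d.example": "<?php\n/**\n * Plugin Name: WooCommerce Payments\n */\n",
}

if __name__ == "__main__":
    for site, status in audit(SAMPLE_HEADERS).items():
        print(f"{site}: {status}")
```

Comparing versions as integer tuples matters here: a plain string comparison would rank `5.10.0` below `5.6.2` and produce a false alarm, while a site whose header cannot be parsed is reported as `unknown` rather than silently assumed safe.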
Gall also clarified that the Wordfence team does not know whether the flaw was discovered internally by Automattic (the developer behind WooCommerce) or reported by an outside researcher. Wordfence has not yet seen this vulnerability exploited in the wild, but that may change in the near future.
“Once a proof of concept is made available to attackers, we can expect to see large-scale attacks targeting this vulnerability,” Gall added.
The flaw comes months after Sucuri security researchers uncovered a malware campaign that compromised over 15,000 WordPress and other sites to boost the search engine rankings of spam sites.