Thousands of WordPress websites were found to be using a vulnerable add-on that allowed threat actors to take over the site completely.
Researchers have discovered a critical flaw in YITH WooCommerce Gift Cards Premium, an add-on for the website builder that provides an interface for building gift cards on WordPress sites and is reportedly in use on more than 50,000 sites.
The flaw itself is an unauthenticated arbitrary file upload vulnerability that, among other things, allows crooks to upload a web shell and gain full access to a targeted website.
Steal encrypted account details
The vulnerability, tracked as CVE-2022-45359 with a severity score of 9.8 (Critical), has since been patched, and users are urged to update the plugin as soon as possible, as there is evidence of it being exploited in the wild.
It was first discovered in late November 2022, when researchers found that the flaw existed in all versions prior to 3.19.0. Users are therefore advised to upgrade the add-on to at least 3.20.0, or to 3.21.0, which is also available for download now.
The vulnerability was discovered by Wordfence, a cybersecurity firm that analyzes the WordPress ecosystem, and its researchers claim that threat actors have already exploited the vulnerability.
While most attacks occurred in November, when the vulnerability was still considered a zero-day, another spike in exploitation was also observed on December 14, 2022.
Just two IP addresses (103.138.108.15 and 188.66.0.135) made more than 20,000 exploit attempts against nearly 12,000 websites.
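As an added defensive example (not code from the article, from Wordfence or from the plugin's developers), the script below scans constructed Apache-style access-log lines for the two source addresses the article names and for PHP being served out of wp-content/uploads, the usual sign of a dropped web shell, and checks an installed plugin version against the 3.19.0 fix; the log lines, paths and other IPs are constructed samples.

```python
import re
from typing import Dict, List

# The two source addresses named in the article.
KNOWN_ATTACKER_IPS = {"103.138.108.15", "188.66.0.135"}

# Apache combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# PHP executed from the uploads directory is a classic sign of a dropped web shell.
UPLOADS_PHP_RE = re.compile(r'^/wp-content/uploads/.*\.php(?:\?|$)', re.IGNORECASE)

# Constructed sample log lines (paths and the non-article IPs are made up).
SAMPLE_LOG = """\
103.138.108.15 - - [14/Dec/2022:10:01:12 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Dec/2022:10:02:01 +0000] "GET /shop/gift-cards/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
188.66.0.135 - - [14/Dec/2022:10:03:44 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 220 "-" "curl/7.85.0"
198.51.100.9 - - [14/Dec/2022:10:05:09 +0000] "GET /wp-content/uploads/2022/12/x.php HTTP/1.1" 200 64 "-" "python-requests/2.28"
"""


def find_suspicious(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per log line that comes from a known attacker IP or
    shows PHP being served out of wp-content/uploads."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ip, path = m.group("ip"), m.group("path")
        if ip in KNOWN_ATTACKER_IPS:
            findings.append({"ip": ip, "path": path, "reason": "known attacker ip"})
        elif UPLOADS_PHP_RE.match(path):
            findings.append({"ip": ip, "path": path, "reason": "php executed from uploads"})
    return findings


def is_vulnerable_version(installed: str, fixed: str = "3.19.0") -> bool:
    """True when the installed plugin version predates the fixed release."""
    return tuple(map(int, installed.split("."))) < tuple(map(int, fixed.split(".")))


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f['ip']:16} {f['reason']:26} {f['path']}")
    print("plugin 3.18.0 vulnerable:", is_vulnerable_version("3.18.0"))
```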
While WordPress core itself is relatively secure (approximately 0.5% of all WordPress-related vulnerabilities are in the platform itself), its ecosystem is large and thus offers ample opportunity for exploitation. Paid add-ons (such as this one) are usually updated frequently, and their developers work hard to keep the product secure, while free add-ons often go for months without a patch, which can become a webmaster's nightmare.
Via: BleepingComputer