Popular WordPress Plugin WooCommerce patches critical vulnerability

by Jake Doevan

WordPress users who own an eCommerce website powered by the WooCommerce plugin should know that their online store could be compromised.

WooCommerce is a widely-used WordPress plugin that powers almost 35% of all e-stores and has over 4 million installations.

A security researcher at RIPS Technologies GmbH, Simon Scannell[1], has discovered an arbitrary file deletion flaw in the WooCommerce[2] plugin. The vulnerability could allow malicious actors to access and gain control over unpatched online stores.

A flaw in the way WordPress handles privileges can lead to a privilege escalation in WordPress plugins. This affects for example WooCommerce, the most popular e-commerce plugin with over 4 million installations. The vulnerability allows shop managers to delete certain files on the server and then to take over any administrator account.

In the blog post, the researcher reveals technical details about the exploit.

WordPress automatically allows accounts with the edit_users permission to adjust settings, including the credentials of an admin account. However, the WooCommerce plugin incorporates meta capabilities, or functions that control whether the user can adjust such settings, preventing the Shop Manager from editing admin accounts.

Vulnerability in WooCommerce plugin

The researcher illustrates the exploitation of the WooCommerce file-deletion flaw and the WordPress design vulnerability.

The video demonstrates how WordPress[3] handles user privileges and the file-deletion flaw in the plugin, which together enable an account with manager permissions to reset the administrator's credentials and take full control over the website.

https://www.youtube.com/watch?v=lpItKmjoe0I

Simon Scannell revealed that if the administrator user disables the WooCommerce plugin, the configuration that imposed the limitation no longer works, and Shop Manager accounts are able to edit and reset the administrator credentials. The researcher indicates that a malicious manager account can disable the WooCommerce plugin by exploiting a file deletion flaw in the logging feature.

This vulnerability allows shop managers to delete any file on the server that is writable. By deleting the main file of WooCommerce, woocommerce.php, WordPress will be unable to load the plugin and then disables it.

Once the malicious shop manager deletes the file, the WooCommerce plugin is disabled. In this state, shop managers are able to update the password of the administrator account and then take over access to and control of the e-shop.

Users are recommended to install WooCommerce and WordPress patch updates

The vulnerability was reported to the maintainers of the WooCommerce plugin, the Automattic security team. The flaw was fixed in WooCommerce version 3.4.6.

If you are running an earlier version of the WooCommerce plugin, make sure to update your WordPress and WooCommerce as soon as possible.
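To check a site for the condition described above, the following audit script is an added example, not code from the article, RIPS or WooCommerce. It assumes it runs inside a loaded WordPress (for instance through WP-CLI's `wp eval-file`), that the plugin sits at its default path `woocommerce/woocommerce.php`, and that the Shop Manager role uses the slug `shop_manager`; the function and constant names are hypothetical.

```php
<?php
// Added audit sketch: flags an outdated or missing WooCommerce and a Shop
// Manager role left with edit_users while the plugin is not running.
require_once ABSPATH . 'wp-admin/includes/plugin.php';

define( 'AUDIT_WC_FILE', 'woocommerce/woocommerce.php' ); // default path (assumed)
define( 'AUDIT_WC_FIXED', '3.4.6' );                       // fixed version per the article
define( 'AUDIT_WC_ROLE', 'shop_manager' );                 // Shop Manager role slug (assumed)

function audit_wc_findings() {
    $findings = array();
    $plugins  = get_plugins(); // headers of plugin files actually present on disk
    $present  = isset( $plugins[ AUDIT_WC_FILE ] );
    // The active_plugins option can still list a plugin whose main file was
    // deleted, so require the file to be present as well.
    $active = $present && is_plugin_active( AUDIT_WC_FILE );

    if ( ! $present ) {
        $findings[] = 'woocommerce.php not found on disk; investigate if WooCommerce was installed.';
    } elseif ( version_compare( $plugins[ AUDIT_WC_FILE ]['Version'], AUDIT_WC_FIXED, '<' ) ) {
        $findings[] = 'WooCommerce ' . $plugins[ AUDIT_WC_FILE ]['Version']
            . ' predates ' . AUDIT_WC_FIXED . '; update.';
    }

    // Roles are stored in the database and outlive a disabled plugin, while the
    // plugin's restriction on editing administrators only runs when it is loaded.
    $role = get_role( AUDIT_WC_ROLE );
    if ( $role && $role->has_cap( 'edit_users' ) && ! $active ) {
        $logins     = wp_list_pluck( get_users( array( 'role' => AUDIT_WC_ROLE ) ), 'user_login' );
        $findings[] = 'Role ' . AUDIT_WC_ROLE . ' holds edit_users while WooCommerce is inactive; accounts: '
            . ( $logins ? implode( ', ', $logins ) : '(none)' );
    }
    return $findings;
}

$audit_findings = audit_wc_findings();
foreach ( $audit_findings as $finding ) {
    echo '[!] ' . $finding . PHP_EOL;
}
if ( ! $audit_findings ) {
    echo 'No findings.' . PHP_EOL;
}
```

A finding from the role check on a site where nobody intentionally deactivated WooCommerce is a reason to review recent administrator password changes.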

About the author

Jake Doevan - Computer security guru

Jake Doe is a security expert and news editor of Reviewedbypro.com. His major is Communication and Journalism, which he obtained from the Washington and Jefferson College.
