Popular WooCommerce WordPress Plugin Patches Critical Vulnerability
If you own an eCommerce website built on WordPress and powered by the WooCommerce plugin, then beware of a new vulnerability that could compromise your online store.

Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over unpatched websites.

WooCommerce is one of the most popular eCommerce plugins for WordPress; it lets websites upgrade their standard blog to a powerful online store. WooCommerce powers nearly 35% of e-stores on the internet, with more than 4 million installations.

Exploiting WooCommerce File-Deletion and WordPress Design Flaws

The attack demonstrated in the following video takes advantage of the way WordPress handles user privileges and of the WooCommerce file deletion vulnerability, allowing an account with the "Shop Manager" role to eventually reset administrator accounts' passwords and take complete control over the website.

When installed, the WooCommerce extension creates "Shop Manager" accounts with the "edit_users" capability, allowing them to edit customer accounts of the store in order to handle their orders, profiles, and products.

In WordPress, an account with the "edit_users" capability is by default allowed to edit even an administrator account and reset its password. To draw a permission-based line between an administrator and a shop manager account, the WooCommerce plugin adds some extra limitations on shop managers.
However, the researcher discovered that if a WordPress admin, for some reason, disables the WooCommerce plugin, the configuration that mandated the limitation goes away, allowing Shop Manager accounts to edit and reset the password for administrator accounts.
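Because the restriction lived in the plugin, disabling the plugin removed it. A site owner can instead pin the rule in WordPress itself with a must-use plugin, which loads before regular plugins and cannot be deactivated from the dashboard. The following is an added example, not WooCommerce's or WordPress's own code; the function name and file location are this example's choices, while the `map_meta_cap` filter, the `edit_user` family of meta capabilities and the `do_not_allow` capability are standard WordPress.

```php
<?php
/**
 * Plugin Name: Protect Administrator Accounts
 * Description: Added example (not WooCommerce code). Denies users who are not
 *              administrators the ability to edit, delete or promote administrator
 *              accounts, no matter which plugins are active.
 *              Save as wp-content/mu-plugins/protect-admin-accounts.php (assumed path).
 */

// map_meta_cap runs for every capability check; returning 'do_not_allow' makes the
// check fail closed because no role is ever granted that capability.
add_filter( 'map_meta_cap', 'mu_protect_admin_accounts', 10, 4 );

function mu_protect_admin_accounts( $caps, $cap, $user_id, $args ) {
    // Only the meta capabilities that target another user carry that user's ID in $args[0].
    $guarded = array( 'edit_user', 'delete_user', 'promote_user', 'remove_user' );
    if ( ! in_array( $cap, $guarded, true ) ) {
        return $caps;
    }

    $target_id = isset( $args[0] ) ? (int) $args[0] : 0;
    if ( 0 === $target_id || $target_id === (int) $user_id ) {
        return $caps; // editing one's own profile is unaffected
    }

    $target = get_userdata( $target_id );
    if ( ! $target || ! in_array( 'administrator', (array) $target->roles, true ) ) {
        return $caps; // the target is not an administrator; normal rules apply
    }

    $actor = get_userdata( $user_id );
    $actor_is_admin = $actor && in_array( 'administrator', (array) $actor->roles, true );
    if ( $actor_is_admin || is_super_admin( $user_id ) ) {
        return $caps; // administrators (and multisite super admins) may still manage each other
    }

    // A shop manager, editor or any other non-administrator reaches this point.
    return array( 'do_not_allow' );
}
```

The password form in wp-admin/user-edit.php is gated by `current_user_can( 'edit_user', $id )`, so this single filter covers the reset path described above as well as profile edits, independent of whether WooCommerce is loaded.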

Now, according to Simon, a malicious Shop Manager can forcefully disable the WooCommerce plugin by exploiting a file deletion vulnerability that resides in the logging feature of WooCommerce.

"This vulnerability allows shop managers to delete any file on the server that is writable. By deleting the main file of WooCommerce, woocommerce.php, WordPress will be unable to load the plugin and thus disables it," Simon explains in a blog post.

Once the file is deleted, the WooCommerce plugin gets disabled, allowing shop managers to update the password for the administrator account and then take over the complete website.
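The class of defect at the root of this chain is a file-removal routine that trusts a request-supplied name. The following added example shows such a routine written two ways; it is not WooCommerce's actual code and not the patch Automattic shipped in 3.4.6, the log directory path and function names are assumed, and the request handling around it (nonce and capability checks) is omitted.

```php
<?php
// Added illustration, not WooCommerce code. A log-file removal helper written two ways.
// Assumed layout: log files live directly inside $log_dir and end in ".log".

$log_dir = '/var/www/html/wp-content/uploads/wc-logs'; // assumed location

// Vulnerable form: the request value is joined onto the directory unchecked, so a
// name containing directory components resolves outside the log directory and any
// file the web server may write to can be removed.
function delete_log_unsafe( $log_dir, $requested ) {
    $path = $log_dir . '/' . $requested;
    return file_exists( $path ) && unlink( $path );
}

// Hardened form: reduce the value to a bare file name, require the expected name
// shape, and confirm the *resolved* path is still inside the log directory before
// unlinking. Each check fails closed.
function delete_log_safe( $log_dir, $requested ) {
    $name = basename( $requested );                      // drop any directory part
    if ( ! preg_match( '/^[A-Za-z0-9_.-]+\.log$/', $name ) ) {
        return false;                                    // not a plausible log file name
    }

    $base = realpath( $log_dir );                        // canonical log directory
    $path = realpath( $log_dir . '/' . $name );          // canonical candidate file
    if ( false === $base || false === $path ) {
        return false;                                    // directory or file does not exist
    }

    // realpath() resolves symlinks and "..", so a prefix test on the canonical form is
    // reliable; the trailing separator prevents "/wc-logs-other" matching "/wc-logs".
    if ( 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        return false;                                    // resolved outside the log directory
    }

    return is_file( $path ) && unlink( $path );
}

// Example call: only a file such as "wc-logs/fatal-errors.log" can ever be removed.
$removed = delete_log_safe( $log_dir, 'fatal-errors.log' );
```

The design point is that the hardened version bounds what a shop manager can affect to files of one type inside one directory, so even a compromised Shop Manager account cannot reach woocommerce.php or anything else the web server can write.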

Install WooCommerce and WordPress Patch Updates

The researcher responsibly reported the security issues to the Automattic security team, which manages the WooCommerce plugin, via HackerOne on 30 August 2018. The team acknowledged the flaws and fixed them in WooCommerce version 3.4.6 last month.

If you haven't yet updated your WordPress and WooCommerce, you are highly recommended to install the latest available security updates as soon as possible.