Bug identified in WooCommerce plugin for WordPress websites

Researchers with Sucuri have identified an object injection vulnerability in the WooCommerce plugin for WordPress websites.

The issue – which Sucuri deemed dangerous and easy to exploit – has been addressed in WooCommerce version 2.3.11, but all lower versions that have the “PayPal Identity Token” option set are at risk of a full site compromise.

“We managed to use a combination of WordPress and WooCommerce components with a known PHP bug (CVE-2013-1643) to download critical files, files like wp-config.php; for those unfamiliar, this file contains the database credentials and WordPress secret keys,” Marc-Alexandre Montpas, vulnerability researcher with Sucuri, wrote in a Wednesday blog post.

Montpas noted that an attacker has several attack vectors to choose from, depending on which extensions are available on the site.
