Security-Stop-Press : Websites Hijacked Through WooCommerce Plugin Flaw
Wordfence warned that large-scale attacks are under way against a vulnerability (CVE-2023-28121) in the in the WooCommerce Payments WordPress plugin.
The flaw in the plugin, which is installed on over 600,000 sites, gives attackers authentication bypass so they can impersonate arbitrary users, and perform some actions, including as an administrator, potentially leading to site takeover.
Wordfence says patches for the bug were released by WooCommerce in March 2023, and WordPress has issued auto-updates to sites using affected versions of the plugin.
Share This!
MICROSOFT OFFICE 365
YOUR COMPLETE OFFICE IN THE CLOUD
Bringing together everyone's favourite productivity tools with the benefits of cloud-based communication and collaboration, Microsoft have developed a platform that is both technically & commercially-sound for businesses of any shape.