Tips & Tricks, Wordpress Plugins | published January 20, 2022, updated May 15, 2023
84,000 websites were affected by a high-severity vulnerability in three WordPress plugins

Researchers uncovered a security weakness in three different WordPress plugins that affect over 84,000 websites and might be used by a malicious actor to take control of them.

In a report released last week, Wordfence, a WordPress security company, noted:

“This flaw allowed an attacker to change arbitrary site settings on a susceptible site if they could trick the site’s administrator into completing an action, such as clicking on a link.”

The cross-site request forgery (CSRF) bug, tracked as CVE-2022-0215, is scored 8.8 on the CVSS scale and affects three Xootix plugins:

  • Login/Signup Popup (Inline Form + Woocommerce),
  • Side Cart Woocommerce (Ajax), and
  • Waitlist Woocommerce (Back in stock notifier)

Cross-site request forgery, also known as a one-click attack or session riding, occurs when an authenticated end user is tricked into submitting a request that the attacker has specifically crafted; the victim's browser sends it with the victim's own session cookies, so the site treats it as a legitimate action.

The flaw stems from a lack of validation when processing AJAX requests: the handlers did not verify that the request was intentionally made by the administrator. That allowed an attacker to set the "users can register" option (i.e., anyone can register) to true and the "default role" option (the role given to users who register on the blog) to administrator, thereby granting them total authority over the site.
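The validation gap described above, shown as an added illustration that is not code from the Xootix plugins: a hypothetical WordPress AJAX handler that writes whatever option name and value the request carries, beside a hardened version that checks a nonce, requires the manage_options capability and only accepts the plugin's own option names (all `xyz_*` names are invented for this example).

```php
<?php
// Added example with hypothetical names; not the affected plugins' code.

// VULNERABLE pattern: no nonce and no capability check, and the option
// name comes straight from the request. An administrator who is lured
// onto a third-party page can be made to submit this with their own
// cookies, which is exactly how a CSRF against site settings works.
function xyz_save_settings_unsafe() {
    $option = sanitize_key( $_POST['option'] ?? '' );
    $value  = wp_unslash( $_POST['value'] ?? '' );
    update_option( $option, $value ); // could be users_can_register or default_role
    wp_send_json_success();
}
add_action( 'wp_ajax_xyz_save_settings_unsafe', 'xyz_save_settings_unsafe' );

// HARDENED: the nonce ties the request to a page this plugin rendered
// (a page on another origin cannot read it), the capability check
// requires manage_options, and an allow-list keeps core settings such
// as default_role out of reach of this handler entirely.
function xyz_save_settings_safe() {
    check_ajax_referer( 'xyz_settings_nonce', 'nonce' ); // dies on failure
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $allowed = array( 'xyz_popup_enabled', 'xyz_popup_delay' );
    $option  = sanitize_key( $_POST['option'] ?? '' );
    if ( ! in_array( $option, $allowed, true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( $option, $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_xyz_save_settings_safe', 'xyz_save_settings_safe' );

// The nonce is issued only when the plugin's own settings page loads,
// so the front-end script can include it in the AJAX POST as 'nonce'.
function xyz_settings_page_scripts() {
    wp_localize_script( 'xyz-settings', 'xyzSettings', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'xyz_settings_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'xyz_settings_page_scripts' );
```

Site owners who cannot update immediately can also confirm the two settings the advisory names are still sane (Settings > General: "Anyone can register" unchecked and "New User Default Role" not set to Administrator) and watch for unexpected new administrator accounts.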

Side Cart Woocommerce and Waitlist Woocommerce have over 4,000 and 60,000 installs, respectively, while Login/Signup Popup has over 20,000 installations.

After responsible disclosure by Wordfence researchers in November 2021, the bug was resolved in Login/Signup Popup version 2.3, Side Cart Woocommerce version 2.1, and Waitlist Woocommerce version 2.5.2.

The discoveries came just over a month after attackers used flaws in four plugins and 15 Epsilon Framework themes to attack 1.6 million WordPress sites as part of a large-scale campaign that spanned 16,000 IP addresses.

Though this CSRF vulnerability is less likely to be abused because it requires an administrator to be tricked into acting, a successful attack has a major impact on the affected site.

Conclusion

As such, it serves as an important reminder to remain cautious when clicking on links or attachments and to ensure that your plugins and themes are regularly updated.

ismail