Security News > 2020 > November > WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug
2020-11-06 21:56

A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection.

Welcart e-Commerce is a free WordPress plugin that has more than 20,000 installations - it enjoys top market share in Japan, according to WordPress.

PHP object injection is an application-level vulnerability that paves the way for code injection, SQL injection, path traversal and application denial-of-service.

In October, two high-severity vulnerabilities were disclosed in Post Grid, a WordPress plugin with more than 60,000 installations, which open the door to site takeovers.

Newsletter, a WordPress plugin with more than 300,000 installations, was discovered to have a pair of vulnerabilities that could lead to code-execution and even site takeover.


News URL

https://threatpost.com/wordpress_open_to_attacks_welcart_bug/161037/

Related news

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 95 44 18 159