Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
A critical SQL-injection security vulnerability in the WooCommerce e-commerce platform and a related plugin has been under attack as a zero-day bug, researchers have disclosed.
The exploitation prompted WooCommerce to release an emergency patch for the issue late on Wednesday.
The related plugin affected by the bug is the WooCommerce Blocks feature, which is installed on more than 200,000 sites.
The vulnerability affects versions 3.3 to 5.5 of the WooCommerce plugin and versions 2.5 to 5.5 of the WooCommerce Blocks plugin.
If your storefront is using WooCommerce version 5.3, you can update to version 5.3.1 to minimize the risk of compatibility issues.
WooCommerce is also recommending administrative password resets after updating to provide additional protection.
News URL
https://threatpost.com/zero-day-attacks-woocommerce-databases/167846/