Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases (Security News, July 2021)
A critical SQL-injection security vulnerability in the WooCommerce e-commerce platform and a related plugin has been under attack as a zero-day bug, researchers have disclosed.
The exploitation prompted WooCommerce to release an emergency patch for the issue late on Wednesday.
The related plugin affected by the bug is the WooCommerce Blocks feature, which is installed on more than 200,000 sites.
The vulnerability affects versions 3.3 to 5.5 of the WooCommerce plugin and versions 2.5 to 5.5 of the WooCommerce Blocks plugin.
If your storefront is using WooCommerce version 5.3, you can update to version 5.3.1 to minimize the risk of compatibility issues.
WooCommerce is also recommending administrative password resets after updating to provide additional protection.
News URL
https://threatpost.com/zero-day-attacks-woocommerce-databases/167846/