Security News > 2022 > December > Hackers exploit bug in WordPress gift card plugin with 50K installs
Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites.
YITH WooCommerce Gift Cards Premium is a plugin that website operators to sell gift cards in their online stores.
Many sites still use the older, vulnerable version, and hackers have already devised a working exploit to attack them.
According to WordPress security experts at Wordfence, the exploitation effort is well underway, with hackers leveraging the vulnerability to upload backdoors on the sites, obtain remote code execution, and perform takeover attacks.
Wordfence reverse-engineered an exploit hackers are using in attacks, finding that the issue lies in the plugin's "Import actions from settings panel" function that runs on the "Admin init" hook.
The exploitation attempts are still ongoing, so users of the YITH WooCommerce Gift Cards Premium plugin are recommended to upgrade to version 3.21 as soon as possible.
News URL
Related news
- Hackers exploit Four-Faith router flaw to open reverse shells (source)
- Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)