Security News > 2022 > December > Hackers exploit bug in WordPress gift card plugin with 50K installs

Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites.
YITH WooCommerce Gift Cards Premium is a plugin that lets website operators sell gift cards in their online stores.
Many sites still use the older, vulnerable version, and hackers have already devised a working exploit to attack them.
According to WordPress security experts at Wordfence, the exploitation effort is well underway, with hackers leveraging the vulnerability to upload backdoors on the sites, obtain remote code execution, and perform takeover attacks.
Wordfence reverse-engineered an exploit hackers are using in attacks, finding that the issue lies in the plugin's "Import actions from settings panel" function that runs on the "Admin init" hook.
The exploitation attempts are still ongoing, so users of the YITH WooCommerce Gift Cards Premium plugin are recommended to upgrade to version 3.21 as soon as possible.