Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

2023-03-24 07:51

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites.

It impacts versions 4.8.0 through 5.6.1.

Put differently, the issue could permit an "Unauthenticated attacker to impersonate an administrator and completely take over a website without any user interaction or social engineering required," WordPress security company Wordfence said.

WooCommerce also said it worked with WordPress to auto-update sites using affected versions of the software.

The maintainers of the e-commerce plugin noted that it's disabling the WooPay beta program owing to concerns that the security defect has the potential to impact the payment checkout service.

Besides updating to the latest version, users are recommended to check for newly added admin users, and if so, change all administrator passwords and rotate payment gateway and WooCommerce API keys.

News URL

https://thehackernews.com/2023/03/critical-woocommerce-payments-plugin.html

#critical #payment #woocommerce #wordpress

Related vendor

VENDOR	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress	49	36	408	104	29	577
Woocommerce	33	2	42	17	2	63
Plugin	2	0	13	0	0	13

News URL

Related news

Related vendor