Security News > 2023 > March > Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
2023-03-24 07:51

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites.

It impacts versions 4.8.0 through 5.6.1.

Put differently, the issue could permit an "Unauthenticated attacker to impersonate an administrator and completely take over a website without any user interaction or social engineering required," WordPress security company Wordfence said.

WooCommerce also said it worked with WordPress to auto-update sites using affected versions of the software.

The maintainers of the e-commerce plugin noted that it's disabling the WooPay beta program owing to concerns that the security defect has the potential to impact the payment checkout service.

Besides updating to the latest version, users are recommended to check for newly added admin users, and if so, change all administrator passwords and rotate payment gateway and WooCommerce API keys.


News URL

https://thehackernews.com/2023/03/critical-woocommerce-payments-plugin.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157
Woocommerce 32 0 41 19 2 62
Plugin 2 0 13 1 0 14