Security News > 2023 > July > Hackers exploiting critical WordPress WooCommerce Payments bug
Hackers are conducting widespread exploitation of a critical flaw in the WooCommerce Payments plugin to gain the privileges of any user, including administrators, on vulnerable WordPress installations.
WooCommerce Payments is a very popular WordPress plugin allowing websites to accept credit and debit cards as payment in WooCommerce stores.
As the vulnerability allows any remote user to impersonate an administrator and take complete control over a WordPress site, Automattic force-installed the security fix on WordPress installations utilizing the plugin.
As part of the blog post, RCE Security released a proof-of-concept exploit that uses this flaw to create a new admin user on vulnerable WordPress sites, making it easy for threat actors to take complete control over the site.
Today, WordPress security firm Wordfence warned that threat actors are exploiting this vulnerability in a massive campaign targeting over 157,000 sites by Saturday.