These WordPress plugins have high-risk vulnerabilities!

This WordPress tutorial column introduces the high-risk vulnerabilities found in three WordPress plugins. We hope it will be helpful to readers who need it.

Researchers discovered high-risk vulnerabilities in three WordPress plugins

Recently, researchers from the WordPress security company Wordfence discovered a serious vulnerability affecting three different WordPress plugins with a combined install base of over 84,000 websites. The flaw is tracked as CVE-2022-0215 and is a cross-site request forgery (CSRF) vulnerability; the Common Vulnerability Scoring System (CVSS) rates it 8.8.


On November 5, 2021, the Wordfence Threat Intelligence team first discovered this vulnerability in the Login/Signup Popup plugin and initiated the disclosure process. A few days later they found the same vulnerability in the Side Cart Woocommerce (Ajax) plugin and the Waitlist Woocommerce (Back in stock notifier) plugin. Through this vulnerability, an attacker could update any site option on a vulnerable website by tricking the site administrator into performing a single action.

In a typical attack, the attacker crafts a request that triggers the plugin's AJAX action. If the attacker can trick a site administrator who is logged in to the target site into performing an action such as clicking a link or visiting a web page, the administrator's browser sends that request with the administrator's session, the AJAX action runs, and the attacker can update arbitrary options on the site.

By exploiting this vulnerability, an attacker can enable the "users_can_register" option (anyone can register) and set the "default_role" option (the default role assigned to newly registered users) to administrator. The attacker can then register an administrator account on the compromised website and take it over completely.
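As an added example (not code from the XootiX plugins, Wordfence, or the original article), here is a WordPress admin-ajax option-saving handler written in the vulnerable pattern the article describes, followed by the hardened form that closes the CSRF hole; the action name, function names and option names are hypothetical:

```php
<?php
// Added example, not the plugins' own code. The action "xx_save_option" and
// the option names below are assumptions used only for illustration.

// VULNERABLE PATTERN: no nonce check, no capability check, and the option name
// comes straight from the request. A forged request carried by a logged-in
// administrator's browser can therefore set any option, including core ones
// such as users_can_register and default_role.
function xx_vulnerable_save_option() {
    $name  = $_POST['option_name'];
    $value = $_POST['option_value'];
    update_option( $name, $value );
    wp_send_json_success();
}
// add_action( 'wp_ajax_xx_save_option', 'xx_vulnerable_save_option' ); // shown for contrast only

// HARDENED VERSION: verify a nonce bound to this action (CSRF defence), require
// the manage_options capability (authorisation), and accept only a fixed list
// of plugin-owned option names so core options can never be touched.
function xx_hardened_save_option() {
    // Ends the request with HTTP 403 when the nonce is missing or invalid.
    check_ajax_referer( 'xx_save_option', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    $allowed = array( 'xx_popup_enabled', 'xx_popup_delay' );
    $name    = isset( $_POST['option_name'] ) ? sanitize_key( $_POST['option_name'] ) : '';
    if ( ! in_array( $name, $allowed, true ) ) {
        wp_send_json_error( 'option not allowed', 400 );
    }

    $value = isset( $_POST['option_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['option_value'] ) )
        : '';
    update_option( $name, $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_xx_save_option', 'xx_hardened_save_option' );

// The plugin's settings page must emit a matching nonce for its JavaScript to
// send, e.g. wp_create_nonce( 'xx_save_option' ) passed via wp_localize_script().
```

The nonce check alone stops the cross-site request, but the capability check and the option allowlist are what keep a bug in one handler from becoming a full site takeover.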

The three plugins reported by the Wordfence team are all maintained by XootiX:

  • Login/Signup Popup plugin (over 20,000 installs)

  • Side Cart Woocommerce (Ajax) plugin (over 4,000 installs)

  • Waitlist Woocommerce (Back in stock notifier) plugin (over 60,000 installs)

These three XootiX plugins are designed to provide enhanced functionality for WooCommerce websites. The Login/Signup Popup plugin adds login and signup popups to standard websites and to websites running the WooCommerce plugin. The Waitlist WooCommerce plugin adds product waitlists and out-of-stock item notifications. The Side Cart Woocommerce plugin makes the shopping cart available anywhere on the website via AJAX.

Regarding this vulnerability, the Wordfence team specifically reminds WordPress users to check whether the versions running on their websites have been updated to the latest patched versions of these plugins, namely Login/Signup Popup version 2.3, Waitlist Woocommerce version 2.5.2, and Side Cart Woocommerce version 2.1.

Reference source:

https://securityaffairs.co/wordpress/126821/hacking/wordpress-plugins-flaws-2.html


Statement: This article is reproduced from FreeBuf. If there is any infringement, please contact admin@php.cn for deletion.