From Wordfence: There appears to be an XSS vulnerability in WooCommerce that allows an attacker to craft a website which will steal a WooCommerce administrators cookies when they visit that site and allow the attacker access the target site with admin privileges. The vulnerability is in WooCommerce version 2.0.17 which is what WooThemes is currently distributing . There is a fix in WooCommerce version 2.0.18 but that has not yet been released. We contacted WooThemes about this and they will be addressing this in the next minor release (2.0.18) either later today/tomorrow. Exploits for this vulnerability started appearing in the wild 48 hours ago. Once WooCommerce 2.0.18 is released please upgrade immediately. There is also a vulnerability in versions of WP Awesome Support plugin which uses jquery.fineuploader version 3.5.0. This vulnerability allows an attacker to upload any file to your system. The plugin was last updated on 14 September 2013 and this vulnerability appeared in the last few days in the hacker community, so we believe it to be in the current version of WP Awesome Support. Googling for details on this exploit will yield more info and includes examples of hacked websites. There is also an arbitrary file upload vulnerability in the current version of the Magnitudo theme in the wild, so please contact the vendor for a fix. The theme was last updated in April of this year. An exploit for this is being actively distributed. Google for details.
Posted on: Tue, 22 Oct 2013 01:54:25 +0000
Trending Topics
Recently Viewed Topics
© 2015