Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,199,064 members, 7,970,282 topics. Date: Wednesday, 09 October 2024 at 05:30 AM |
Nairaland Forum / Science/Technology / Webmasters / Wordpress E-commerce Plug-in Puts Over 5,000 Websites At Risk (499 Views)
Easiest Way To Create Your Own Wordpress E-commerce Website / Create Or Buy Your Websites At A Cheap Rate / Hi Guys..... I Need A Plug-in For File Upload On Wordpress (2) (3) (4)
(1) (Reply)
Wordpress E-commerce Plug-in Puts Over 5,000 Websites At Risk by Nobody: 3:46pm On May 01, 2015 |
WordPress e-commerce plug-in puts over 5,000 websites at risk By Lucian Constantin Follow IDG News Service | Apr 30, 2015 6:25 AM PT TheCartPress, an e-commerce plug-in used on thousands of WordPress-based websites, has several high-risk vulnerabilities. There are currently no fixes available for the flaws and, according to its developer, support for the plug-in will be discontinued on June 1st. RELATED Flaw in WordPress caching plug-in could affect over 1 million sites At least 700,000 routers given to customers by ISPs are vulnerable to hacking WordPress security update patches external libraries, several vulnerabilities on IDG Answers How to retrieve data lost from Outlook address book after creating a shortcut? The vulnerabilities could allow attackers to “execute arbitrary PHP code, disclose sensitive data, and perform Cross-Site Scripting [XSS] attacks against users of WordPress installations with the vulnerable plug-in,” researchers from security firm High-Tech Bridge said in an advisory Wednesday. 6 simple tricks for protecting your passwords There are factors that limit the exploitation of some of the flaws, but they still pose a significant risk. For example, exploiting the vulnerability that allows PHP code execution requires the attacker to have administrative privileges on the WordPress website. However, an attacker could also trick the real administrator into running the exploit by visiting a malicious page, according to the High-Tech Bridge researchers. This is known as a cross-site request forgery (CSRF) attack. Another vulnerability allows unauthenticated attackers to browse orders placed by users of the e-commerce site that uses the plug-in. There are also multiple XSS issues, both in the administrative panel and user-accessible pages. These flaws could allow attackers to trick the site’s users into performing rogue actions when they click on specifically crafted URLs. XSS attacks where the victim is the site’s administrator obviously carry the highest risk. The High-Tech Bridge researchers claim that they tried to notify the plug-in’s developer about the flaws since Apr. 8 without success. They point out that the developer has already announced that “support for TheCartPress will end on June 1, 2015.” Since it’s not clear if the flaws will ever be fixed, the researchers recommend disabling or removing the plug-in. According to statistics from the official WordPress plug-in repository, TheCartPress currently has over 5,000 active installations. |
Re: Wordpress E-commerce Plug-in Puts Over 5,000 Websites At Risk by yomalex(m): 7:47pm On May 02, 2015 |
Crazy |
(1) (Reply)
Admin Needed On A Blog / SCHOOLFORCE™: A Powerful School Management Software, By A Teacher-developer / You Can Now Create Your Website With Us Today Free Of Charge And Easy To Setup
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 8 |