WordPress, WooCommerce flaws combine to allow website hijacking
#1
Quote: A flaw in how WordPress handles privilege assignments can be exploited to permit attackers to hijack WooCommerce websites.

The issue in the content management system (CMS) was discovered by Simon Scannell, a security researcher from RIPS Technologies, who said in a blog post that the design flaw specifically impacts WooCommerce, a popular WordPress plugin which has been downloaded over four million times.

"The vulnerability allows shop managers to delete certain files on the server and then to take over any administrator account," the security researcher says.

The plugin has been developed by Automattic and is a free e-commerce system for WordPress-based websites.

A file deletion bug was found in the software, and on its own, would generally not be considered critical as the best an attacker could do would be to delete index.php pages and cause a denial of service. However, when coupled with the WordPress design flaw, the bug's severity increases.

Source: https://www.zdnet.com/article/wordpress-...hijacking/