19 Dec

Our Proactive Monitoring Caught an Arbitrary File Upload Vulnerability Being Introduced Into a Plugin That Works With WooCommerce

One of the ways we help to improve the security of WordPress plugins, not just for our customers but for everyone using them, is proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that we just caught one of the most likely to be exploited types of vulnerabilities being introduced into a plugin: an arbitrary file upload vulnerability, which provides hackers with an easy way of gaining complete access to a website, since they can upload a file with whatever malicious code they want and then cause it to run. The plugin itself, 3D Product configurator for WooCommerce, isn’t popular, with “Fewer than 10” installations according to wordpress.org. But it is yet another reminder that those using WooCommerce need to be concerned about the security of any plugins they use with it, as this is yet another WooCommerce-tied plugin we have recently found a fairly serious security issue with.
