24 Feb 2020

Hackers May Already Be Targeting This Authenticated Persistent XSS Vulnerability in PW WooCommerce Bulk Edit

As part of the monitoring we do to make sure customers of our service get the best possible data on vulnerabilities in the WordPress plugins they may be using, we watch for what looks like hackers probing for usage of plugins, so that we can quickly warn our customers about unfixed vulnerabilities that hackers are likely targeting. Several days ago there was probing on our website for the plugin PW WooCommerce Bulk Edit, by way of requests for these files:

  • /wp-content/plugins/pw-bulk-edit/readme.txt
  • /wp-content/plugins/pw-bulk-edit/assets/js/results.js
  • /wp-content/plugins/pw-bulk-edit/license.txt
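Requests for a plugin's readme, license and static JavaScript files are a classic fingerprinting pattern: a 200 tells the requester the plugin is installed, a 404 that it is not, and neither needs an account. The following is an added example, not code from the post or from the plugin, that scans web server access log lines for the three paths listed above and groups hits per client address; the log lines are constructed for the example, with 203.0.113.7, 198.51.100.22 and 192.0.2.9 being documentation addresses rather than real probes.

```python
import re
from collections import defaultdict

# The three paths requested in the probing described above. A request for any
# of them from an address that is not otherwise browsing the shop is a strong
# sign of plugin fingerprinting.
PROBE_PATHS = {
    "/wp-content/plugins/pw-bulk-edit/readme.txt",
    "/wp-content/plugins/pw-bulk-edit/assets/js/results.js",
    "/wp-content/plugins/pw-bulk-edit/license.txt",
}

# Apache/nginx "combined" log format:
# host ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format line; return None for anything that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Strip any query string so "readme.txt?v=1" still matches the probe path.
    path = m.group("path").split("?", 1)[0]
    return {
        "ip": m.group("ip"),
        "time": m.group("time"),
        "method": m.group("method"),
        "path": path,
        "status": int(m.group("status")),
    }


def find_probes(lines):
    """Return {ip: {"paths": [...], "confirmed": bool}} for every client that
    requested at least one probe path. "confirmed" is True when the server
    answered 200 for any of them, meaning the probe learned the plugin is present."""
    hits = defaultdict(lambda: {"paths": set(), "confirmed": False})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] not in PROBE_PATHS:
            continue
        entry = hits[rec["ip"]]
        entry["paths"].add(rec["path"])
        if rec["status"] == 200:
            entry["confirmed"] = True
    return {ip: {"paths": sorted(e["paths"]), "confirmed": e["confirmed"]}
            for ip, e in hits.items()}


# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Feb/2020:10:15:01 +0000] "GET /wp-content/plugins/pw-bulk-edit/readme.txt HTTP/1.1" 404 1234 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Feb/2020:10:15:02 +0000] "GET /wp-content/plugins/pw-bulk-edit/assets/js/results.js HTTP/1.1" 404 1234 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Feb/2020:10:15:03 +0000] "GET /wp-content/plugins/pw-bulk-edit/license.txt HTTP/1.1" 404 1234 "-" "Mozilla/5.0"',
    '198.51.100.22 - - [20/Feb/2020:10:16:00 +0000] "GET /shop/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [20/Feb/2020:10:17:30 +0000] "GET /wp-content/plugins/pw-bulk-edit/readme.txt?v=1 HTTP/1.1" 200 800 "-" "curl/7.64"',
]

if __name__ == "__main__":
    for ip, info in find_probes(SAMPLE_LOG).items():
        state = "plugin confirmed present" if info["confirmed"] else "plugin not present"
        print(f"{ip}: {len(info['paths'])} probe path(s), {state}")
```

The distinction between a 404 and a 200 matters for triage: an address that got 404s only learned the plugin is absent, while an address that got a 200 now knows the site runs it and, on an unfixed install, is the one to watch for follow-up logins or bulk-edit requests.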

In a quick check of the plugin we found that it contains multiple security issues. The issue hackers would most likely be interested in targeting, based on what we saw, is that anyone logged in to WordPress can change the name of a WooCommerce product to include malicious JavaScript code, which is an authenticated persistent cross-site scripting (XSS) vulnerability (the price and other product attributes can be changed through the same functionality as well). Since the plugin extends WooCommerce, and WooCommerce by default allows the public to create WordPress accounts, the access needed to exploit this would usually be easy to obtain.
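The vulnerability described above combines two missing controls: the bulk-edit handler does not check that the logged-in user is allowed to edit products, and the product name is stored and later displayed without neutralising markup. The following added example, not code from the plugin or from WooCommerce, models a bulk-edit handler in Python to show both controls side by side. The role-to-capability table, the `ProductStore` class and the `sanitize_title` and `render_title` helpers are assumptions for the example; they stand in for WordPress's `current_user_can()`, `sanitize_text_field()` and `esc_html()`, and the sample product data is constructed.

```python
import html
import re


class Forbidden(Exception):
    """Raised when a role lacks the capability the operation requires."""


# Assumed capability map for the example. A self-registered WooCommerce
# account gets the "customer" role, which has no product-editing capability;
# only shop managers and administrators may edit products.
ROLE_CAPS = {
    "administrator": {"edit_products"},
    "shop_manager": {"edit_products"},
    "customer": set(),
}

TAG_RE = re.compile(r"<[^>]*>")
PRICE_RE = re.compile(r"\d+(\.\d{1,2})?")


def sanitize_title(raw):
    """Strip HTML tags and control characters and collapse whitespace
    (a rough stand-in for sanitize_text_field). Defence in depth only:
    output escaping below is what actually prevents script execution."""
    no_tags = TAG_RE.sub("", raw)
    no_ctrl = "".join(ch for ch in no_tags if ch >= " " or ch == "\t")
    return " ".join(no_ctrl.split())


class ProductStore:
    def __init__(self, products=None):
        # id -> {"title": str, "price": str}
        self.products = products or {}

    def bulk_edit_unchecked(self, role, changes):
        """The pattern the text describes: any logged-in role is accepted and
        the submitted title is stored verbatim."""
        for pid, fields in changes.items():
            prod = self.products.setdefault(pid, {"title": "", "price": "0"})
            prod.update(fields)

    def bulk_edit(self, role, changes):
        """Hardened form: capability check first, then validation of each field."""
        if "edit_products" not in ROLE_CAPS.get(role, set()):
            raise Forbidden(f"role {role!r} may not edit products")
        for pid, fields in changes.items():
            prod = self.products.setdefault(pid, {"title": "", "price": "0"})
            if "title" in fields:
                prod["title"] = sanitize_title(fields["title"])
            if "price" in fields:
                # Prices are a known shape; reject anything that is not one.
                if not PRICE_RE.fullmatch(fields["price"]):
                    raise ValueError(f"invalid price for product {pid}")
                prod["price"] = fields["price"]

    def render_title(self, pid):
        """Escape at output time (what esc_html does), so even a title that
        slipped past sanitisation is shown as text, not interpreted as markup."""
        return html.escape(self.products[pid]["title"], quote=True)


# Constructed sample data and a constructed, harmless test string.
SAMPLE_PRODUCTS = {1: {"title": "Mug", "price": "5.00"}}
MARKUP_TITLE = '<img src=x onerror=alert(1)>Mug & "Cup"'


def demo():
    store = ProductStore({k: dict(v) for k, v in SAMPLE_PRODUCTS.items()})
    # A customer account is refused outright by the hardened handler.
    try:
        store.bulk_edit("customer", {1: {"title": MARKUP_TITLE}})
        customer_blocked = False
    except Forbidden:
        customer_blocked = True
    # A shop manager may edit, but markup is stripped and output is escaped.
    store.bulk_edit("shop_manager", {1: {"title": MARKUP_TITLE, "price": "7.50"}})
    return {
        "customer_blocked": customer_blocked,
        "stored_title": store.products[1]["title"],
        "rendered_title": store.render_title(1),
        "price": store.products[1]["price"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run with no arguments; `demo()` returns what the hardened handler stored and rendered. Mitigation on a live site follows the same two lines: restrict the bulk-edit action to users holding a product-editing capability, and escape product names wherever they are output, rather than trusting that only staff hold accounts.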