10 Jan 2022

Vulnerability Details: Spam Post Creation in Perfect Brands for WooCommerce

We recently had what looked to be a hacker probing for usage of the WordPress plugin Perfect Brands for WooCommerce on our website. While trying to determine what might explain that, we noticed that the changelog for version 1.8.5 was “Fix: security issues”. We couldn’t find any report that detailed what was being fixed.



14 Jun 2019

Is a Hacker Targeting the WordPress Plugin Dropshix To Put Spam Pages on Websites?

In a continuation of our recently running across plugins that work with WooCommerce being insecure and, in many cases, being targeted by hackers, we recently had what appears to be a hacker probing for usage of the plugin Dropshix, which has the slogan “WooCommerce + Dropshipping Made Simple”, on our website, and in looking over the plugin we found that much of its admin functionality is insecure. These continuing problems are a good reminder of the security risk surrounding plugins that extend WooCommerce functionality. Our main service can keep you alerted to publicly known vulnerabilities, whether they are things we find because hackers are targeting them or otherwise disclosed. We also offer security reviews so that you can get the security of the plugins you use reviewed before hackers might come across vulnerabilities in them.

What we are still not sure of is what a hacker might be targeting, since some limited security in place rules out obvious issues and there is so much that is insecure that it makes it hard to narrow things down. One possibility is that they are abusing the insecurity of importing new products into WooCommerce to create spam pages, which is a common thing done by hackers, though usually that is done after taking control of a website through a vulnerability instead of creating them directly through a vulnerability.