9 Jun 2021

A Hacker Looks to be Probing for WooCommerce Frontend Manager (WCFM), This Vulnerability Could be Their Target

As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may use, we monitor for what look to be hackers probing for usage of plugins, to make sure we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. There was probing on our website today for the plugin WooCommerce Frontend Manager (WCFM) by requesting this file:

  • /wp-content/plugins/wc-frontend-manager/readme.txt

We are not aware of any publicly disclosed vulnerabilities that might explain this. In doing our standard checks when we see what looks to be a hacker probing for usage of a plugin, we found that low-level users have access to AJAX functions only intended for users managing the website. That is a more significant issue than with the average plugin, since the plugin is designed to work with WooCommerce plugins and, by default, WordPress websites running WooCommerce allow untrusted individuals to create WordPress accounts.
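One way to spot the kind of probing described above in a site's own access logs, as an added example that is not from the original post. It generalizes from the one path above to any plugin's readme.txt, assumes Combined Log Format, and uses function names and sample log lines constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# readme.txt directly under a plugin directory; the directory name is the slug.
PROBE_RE = re.compile(
    r'^/wp-content/plugins/(?P<slug>[a-z0-9._-]+)/readme\.txt$', re.IGNORECASE
)

def find_plugin_probes(lines):
    """Map plugin slug -> {"ips": set of clients, "served": True if any 200}."""
    probes = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = unquote(m.group("path").split("?", 1)[0])  # drop query string
        p = PROBE_RE.match(path)
        if not p:
            continue
        slug = p.group("slug").lower()
        entry = probes.setdefault(slug, {"ips": set(), "served": False})
        entry["ips"].add(m.group("ip"))
        # A 200 means the file exists, so the plugin's presence was confirmed.
        entry["served"] = entry["served"] or m.group("status") == "200"
    return probes

def confirmed_plugins(probes):
    """Slugs whose readme.txt was actually served: review these plugins first."""
    return sorted(s for s, e in probes.items() if e["served"])

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jun/2021:10:01:02 +0000] "GET /wp-content/plugins/wc-frontend-manager/readme.txt HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.20 - - [09/Jun/2021:10:05:40 +0000] "GET /wp-content/plugins/wc-frontend-manager/readme.txt?ver=1 HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [09/Jun/2021:10:01:03 +0000] "GET /wp-content/plugins/woocommerce/readme.txt HTTP/1.1" 200 9120 "-" "-"',
    '198.51.100.20 - - [09/Jun/2021:10:05:41 +0000] "GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css HTTP/1.1" 200 3100 "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    for slug, e in find_plugin_probes(SAMPLE_LOG).items():
        print(slug, sorted(e["ips"]), "served" if e["served"] else "not served")
```

A slug requested by several clients but never served points to probing for a plugin the site does not run; a served readme.txt means the plugin's presence, and usually its version, was disclosed to the requester.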