XSS Vulnerability Discovered In YITH WooCommerce Ajax Product Filter WordPress Plugin


One more WordPress plugin potentially risked the security of over 100,000 websites due to a security flaw. Reportedly, a serious cross-site scripting (XSS) vulnerability existed in the YITH WooCommerce Ajax Product Filter WordPress plugin. Exploiting this vulnerability could allow an attacker to execute malicious scripts on the target website.

YITH WooCommerce Ajax Product Filter Plugin Flaw

Researchers from Sucuri shared details of their findings regarding a security flaw in the YITH WooCommerce Ajax Product Filter plugin.

As stated in their post, an XSS vulnerability affected the plugin which could let an attacker execute malicious scripts. The bug existed because the plugin did not properly sanitize user input. As a result, an attacker could abuse the victim's user account to perform various malicious actions on the site.

Successful exploitation of the vulnerability, however, required user interaction. Moreover, an attacker could only execute malicious scripts in the context of the current user.

Things would become serious, though, if the target account had admin rights on the site.

Describing the vulnerability in their post, the researchers stated:

By exploiting this vulnerability, an attacker can perform requests to add unwanted spam content or execute other malicious actions asynchronously based on the privilege level of the victim.
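As an added illustration that is not code from the YITH plugin or from Sucuri's write-up, the PHP below shows the general pattern behind a flaw of this kind: a request parameter reflected into page markup without escaping, beside a hardened version that sanitizes on input and escapes for the correct HTML context on output. The parameter name `filter_term`, the function names and the sample input are assumptions made for the example; the `function_exists` fallbacks let it run under plain `php` outside WordPress, where the real `esc_attr()`, `esc_html()` and `sanitize_text_field()` helpers would be used instead.

```php
<?php
// Added example, not code from the YITH WooCommerce Ajax Product Filter plugin.
// Shows the generic reflected-XSS pattern (unescaped request value in markup)
// next to a hardened version. The parameter name "filter_term" is hypothetical.

// Fallbacks so the file runs with plain `php` outside WordPress; inside
// WordPress the real esc_attr()/esc_html()/sanitize_text_field() take over.
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field(string $text): string {
        // Approximation of the WordPress helper: drop tags and stray whitespace.
        return trim(strip_tags($text));
    }
}

// VULNERABLE: the request value lands in an attribute and in text content
// exactly as the visitor supplied it, so a quote or '<' breaks out of context.
function render_filter_vulnerable(array $request): string
{
    $term = (string) ($request['filter_term'] ?? '');
    return '<input type="text" name="filter_term" value="' . $term . '">'
         . '<p>Showing results for: ' . $term . '</p>';
}

// HARDENED: sanitize on input, then escape for each output context
// (esc_attr for attribute values, esc_html for element text). Escaping alone
// already neutralizes the breakout; sanitizing is defence in depth.
function render_filter_hardened(array $request): string
{
    $term = sanitize_text_field((string) ($request['filter_term'] ?? ''));
    return '<input type="text" name="filter_term" value="' . esc_attr($term) . '">'
         . '<p>Showing results for: ' . esc_html($term) . '</p>';
}

// Simple check a reviewer can run: does the rendered markup still contain the
// raw breakout sequence from the input?
function reflects_raw_input(string $html, string $probe): bool
{
    return strpos($html, $probe) !== false;
}

// Constructed sample input: closes the value attribute and injects an element.
$probe   = '"><em>injected</em>';
$request = ['filter_term' => $probe];

$vulnerable = render_filter_vulnerable($request);
$hardened   = render_filter_hardened($request);

echo "vulnerable: " . $vulnerable . PHP_EOL;
echo "hardened:   " . $hardened . PHP_EOL;
echo "raw input reflected (vulnerable): "
   . (reflects_raw_input($vulnerable, $probe) ? 'yes' : 'no') . PHP_EOL;
echo "raw input reflected (hardened):   "
   . (reflects_raw_input($hardened, $probe) ? 'yes' : 'no') . PHP_EOL;
```

Run it with `php` to compare the two renderings. The point worth taking from it is that escaping is chosen per output context (attribute value versus element text), and that sanitizing input on its own is not a substitute for escaping at the point where the value is written into HTML.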

Patch Rolled Out

According to the details shared, this was a medium-severity bug with a severity score of 6.

Upon discovering the flaw, the researchers reached out to the developers of the respective plugin to address the issue.

Consequently, the developers fixed the bug with the release of YITH WooCommerce Ajax Product Filter plugin version 3.11.1.

Now that the update is out, users should update their websites to the latest plugin version to stay safe.

Earlier this month, hackers exploited an XSS vulnerability in WordPress plugins to target over a million websites in an attempt to harvest their database credentials.

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
