Home Hacking News XSS Vulnerability Discovered In YITH WooCommerce Ajax Product Filter WordPress Plugin
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

XSS Vulnerability Discovered In YITH WooCommerce Ajax Product Filter WordPress Plugin

by Abeerah Hashim
written by Abeerah Hashim
Shield Security WP plugin patched file inclusion vulnerability

One more WordPress plugin potentially risked the security of over 100,000 websites due to a security flaw. Reportedly, a serious cross-site scripting (XSS) vulnerability existed in the YITH WooCommerce Ajax Product Filter WordPress plugin. Exploiting this vulnerability could allow an attacker to execute malicious scripts on the target website.

YITH WooCommerce Ajax Product Filter Plugin Flaw

Researchers from Sucuri shared details of their findings regarding a security flaw in the YITH WooCommerce Ajax Product Filter plugin.

As stated in their post, an XSS vulnerability affected the plugin which could let an attacker execute malicious scripts. The bug developed because the plugin lacked proper sanitization of user input. Therefore, an attacker could exploit the victim’s user account to execute different malicious actions on the site.

Although, successful exploitation of the vulnerability essentially required user interaction. Moreover, an attacker could only execute malicious scripts in the context of the current user.

However, things would become serious if the target account has admin rights to the site.

Describing the vulnerability in their post, the researchers stated,

By exploiting this vulnerability, an attacker can perform requests to add unwanted spam content or execute other malicious actions asynchronously based on the privilege level of the victim.

Patch Rolled Out

According to the details shared, this was a medium severity bug that received a severity score of 6.

Upon discovering the flaw, the researchers reached out to the developers of the respective plugin to address the issue.

Consequently, the developers fixed the bug with the release of YITH WooCommerce Ajax Product Filter plugin version 3.11.1.

Now that the update is out, users must ensure updating their websites to the latest plugin version to stay safe.

Earlier this month, hackers exploited XSS vulnerability in WordPress plugins to target over a million websites in an attempt to harvest their database credentials.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses