TI WooCommerce Wishlist WP Plugin Flaw Could Allow Site Takeovers


One more vulnerable WordPress plugin requires immediate attention from users. This time, the flaw appeared in the TI WooCommerce Wishlist plugin, allowing full site takeovers. The bug is already under active exploitation.

TI WooCommerce Wishlist Plugin Flaw

Researchers from NinTechNet found a serious security flaw in the TI WooCommerce Wishlist plugin for WordPress. Exploiting the vulnerability could allow an attacker to take over the target website.

Specifically, the vulnerability resides in the import/export settings of the plugin. As described in the researchers’ blog post,

The plugin has an import function in the “ti-woocommerce-wishlist/includes/export.class.php” script, loaded with the WordPress admin_action_ hook, that lacks a capability check and security nonce, allowing an authenticated user to modify the content of the WordPress options table in the database.

Thus, an attacker could simply register an account and elevate its role to administrator. After that, the attacker could not only gain control of the site but could also redirect the site’s traffic to a malicious website.

According to the researchers, though, WooCommerce blocks non-admin users from entering the WordPress admin dashboard by default. However, it allows customer registration, which enables an adversary to exploit the flaw.
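To make the described weakness concrete, the following is an added PHP illustration written for this article; it is not code from the TI WooCommerce Wishlist plugin, and the hook name, option key and `example_*` function names are hypothetical. It shows an `admin_action_` handler of the kind the researchers describe (no capability check, no nonce) next to a hardened version that verifies both authority and intent before touching `wp_options`.

```php
<?php
/**
 * Added illustration of the weakness described above. This is NOT code from the
 * TI WooCommerce Wishlist plugin; the hook name, option key and function names
 * (example_*) are hypothetical.
 *
 * admin_action_{$action} fires in wp-admin/admin.php for any request carrying
 * ?action=<name>. WordPress only guarantees that the requester is logged in, so
 * the handler itself must verify intent (nonce) and authority (capability).
 */

// --- Vulnerable pattern: no capability check, no nonce ---------------------
add_action( 'admin_action_example_import_settings', 'example_import_settings_unsafe' );

function example_import_settings_unsafe() {
	// Any authenticated user, including a freshly registered customer, reaches this.
	$raw      = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : '';
	$settings = json_decode( $raw, true );

	if ( is_array( $settings ) ) {
		foreach ( $settings as $name => $value ) {
			// Arbitrary option names are accepted, so the caller controls wp_options rows.
			update_option( $name, $value );
		}
	}
	wp_safe_redirect( admin_url( 'admin.php?page=example-settings' ) );
	exit;
}

// --- Hardened pattern -------------------------------------------------------
add_action( 'admin_action_example_import_settings_v2', 'example_import_settings_safe' );

function example_import_settings_safe() {
	// 1. Authority: only users who may manage options can import.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die(
			esc_html__( 'You are not allowed to import settings.', 'example' ),
			'',
			array( 'response' => 403 )
		);
	}

	// 2. Intent: the request must carry the nonce emitted by the plugin's own form
	//    via wp_nonce_field( 'example_import_settings', 'example_nonce' ).
	//    check_admin_referer() calls wp_die() on failure.
	check_admin_referer( 'example_import_settings', 'example_nonce' );

	// 3. Least privilege on the data: only the plugin's own option may be written,
	//    so even an authorised import cannot rewrite unrelated core options.
	$allowed  = array( 'example_plugin_settings' );
	$raw      = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : '';
	$settings = json_decode( $raw, true );

	if ( is_array( $settings ) ) {
		foreach ( $settings as $name => $value ) {
			if ( in_array( $name, $allowed, true ) ) {
				update_option( $name, $value );
			}
		}
	}
	wp_safe_redirect( admin_url( 'admin.php?page=example-settings' ) );
	exit;
}
```

The three checks are independent: the capability check stops a low-privileged customer account outright, the nonce stops a logged-in administrator from being tricked into submitting the request from another site (CSRF), and the allow-list limits the blast radius if either of the first two is ever bypassed. When reviewing a plugin, look for `admin_action_` or `admin_post_` handlers that write with `update_option()` and confirm all three are present.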

Bug Under Exploit – Update ASAP!

NinTechNet stated that active exploitation attempts against the flaw had been observed on their firewall customers’ sites. This shows that the bug was already being exploited in the wild before it came to the attention of the vendor or the researchers.

Thus, the researchers have warned all users running plugin version 1.21.11 or below about the active exploitation of the bug.

Fortunately, the plugin developers have patched the flaw with the release of TI WooCommerce Wishlist plugin version 1.21.12. Hence, all users must update their sites to the latest plugin version.

In case a site has already been compromised, NinTechNet recommends scanning the site for unknown admin accounts and deleting the attackers’ accounts. Affected admins should also reset passwords and scan their sites for any suspicious files.
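The first of those cleanup steps, finding administrator accounts that should not exist, can be scripted. The snippet below is an added example written for this article, not code from NinTechNet or the plugin; it is meant to be run inside a loaded WordPress, for example with WP-CLI as `wp eval-file audit-admins.php`. The article does not say which options the attackers modified, so the check on `users_can_register` and `default_role` is my assumption about what a defender would review given that the flaw lets an attacker write to `wp_options` and abuse customer registration; the 30-day review window is a constructed value.

```php
<?php
/**
 * Added post-incident audit snippet (not from the plugin or the article's source).
 * Run inside a loaded WordPress, e.g. with WP-CLI: wp eval-file audit-admins.php
 *
 * It lists every administrator account with its registration date, flags the
 * recently created ones for review, and prints the two registration-related
 * options that an attacker able to write wp_options could have changed
 * (assumption: these are the options worth reviewing for this class of flaw).
 */

// All users holding the administrator role, oldest first.
$admins = get_users(
	array(
		'role'    => 'administrator',
		'orderby' => 'registered',
		'order'   => 'ASC',
	)
);

echo "Administrator accounts:\n";
foreach ( $admins as $user ) {
	printf(
		"  id=%d login=%s email=%s registered=%s\n",
		$user->ID,
		$user->user_login,
		$user->user_email,
		$user->user_registered
	);
}

// Accounts created recently are the ones to compare against your own records.
// $review_days is a constructed value; widen it to cover the suspected incident window.
$review_days = 30;
$cutoff_ts   = time() - ( $review_days * DAY_IN_SECONDS );

foreach ( $admins as $user ) {
	if ( strtotime( $user->user_registered ) > $cutoff_ts ) {
		printf(
			"REVIEW: %s (id %d) became an administrator account within the last %d days.\n",
			$user->user_login,
			$user->ID,
			$review_days
		);
	}
}

// Options that govern self-registration. default_role should never be
// 'administrator'; users_can_register should match what the site owner intended.
$can_register = get_option( 'users_can_register' );
$default_role = get_option( 'default_role' );

printf( "\nusers_can_register = %s\n", var_export( $can_register, true ) );
printf( "default_role       = %s\n", $default_role );

if ( 'administrator' === $default_role ) {
	echo "WARNING: new registrations are granted the administrator role. "
		. "Reset default_role (e.g. to 'subscriber' or 'customer') after removing rogue accounts.\n";
}
```

Deleting the rogue accounts themselves (for instance with `wp user delete <id> --reassign=<trusted-admin-id>`) should only follow a manual review of this list, since the attacker may also have renamed or reused a legitimate account rather than creating a new one. Password resets and a file-integrity scan, as the researchers advise, remain necessary even after the accounts are gone.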


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
