Skip to main content

SQL injection vulnerability in WooCommerce : Wordfence

By dp2web
Wordpress Woocommerce Vulnerability


Yesterday Matt Barry, researchers at Wordfence discovered a SQL injection vulnerability in WooCommerce version 2.3.5 and more established amid a code review of the plugin storehouse. WooCommerce is introduced on more than 1 million active WordPress websites.

Wordfence has quickly reached Woo about the issue and they've been unimaginably responsive, discharging a fix early today with their arrival of WooCommerce version 2.3.6.

We emphatically recommend you instantly upgrade on the off chance that you have not as of now.

The particular issue is a SQL injection weakness in the administrator board. Inside the Tax Settings page of WooCommerce, the key of the "tax_rate_country" POST parameter is passed unescaped into a SQL insert articulation. For instance, a payload of tax_rate_country[(SELECT SLEEP(10))] would result in the MySQL server to rest for 10 seconds.

Since this helplessness requires either a Shop Manager or Admin client account, it would need to be consolidated with a XSS attack so as to be misused.

What to do: Upgrade promptly to version 2.3.6 of WooCommerce which contains the fix.

Thanks to the WooThemes team for instantly tending to the issue and pushing the fix inside a couple of HOURS of accepting the report.

If you don't mind make sure to tweet, FB or email as expected to help spread the saying to your kindred WordPress site admins.
Labels:

Popular posts from this blog

Are you Water Literate? Why its important?

By
Water Literacy implies knowing where your water originates from and how you utilize it  It's a basic concept yet information about how all your water is supplied can be exceptionally mind boggling. To begin with, conveying water to you is not simply conveying stream to the tap and toilet. Each thing in your house obliged water to be made, so you are encompassed by their embedded water cost. Food, clothes, furniture, electronics – everything costs water to produce.  For instance, creating electricity is extremely water escalated. Dams require solid streaming rivers, coal and nuclear plants need billions of gallons to operate. Indeed, even solar panels oblige water to be produced. Contingent upon where your electricity originates from, it takes 6 to 12 gallons of water to produce one hour of force for a single 60 watt light.  Water Literacy sets standards for water information that each young adult ought to know by age 18 as essential knowledge for healthy and fe...
Read more

Nearly 1000 startups expected to be funded in 2016: Report

By
The forecast depends on the run-rate seen in Q1 2016, and the contribution from first quarter to the yearly deal volume. There have been 255 deals till mid-April this year, said the report.  2016 will keep on being the year for startups as investment funds keep the money desiring a generally cash-compelled ecosystem. While financial speculators will keep subsidizing the startups, 'little is protected' is liable to be the characterizing theme for startup subsidizing, as deal size is relied upon to be much littler in contrast with the hyper subsidizing as of late, claims VCCEdge Q1CY2016 Startup India Funding Report.  The year 2016, consequently, will be the year of solidification with startup valuations getting trimmed, early-stage financial specialists turning mindful and a general fixing of purse strings.  The report characterizes startups as organizations that have reported raising an Angel or Seed-stage subsidizing, or a Venture Capital Round An or Round B in th...
Read more

Why odd-even doesn’t seem to be working this time?

By
The odd-even traffic policy has been actualized for the second time in the midst of huge public support for the first edition in January when residents of Delhi witnessed sliced traffic on Delhi's busiest stretches even however the impact on pollution has been sketchy.  This time, be that as it may, things have not been as smooth even in the underlying stages. Huge traffic jams were witnessed on Monday on arterial stretches, for example, Akshardham, South Extension, Bhairon Marg, Azadpur, ITO (towards Vikas Marg), India Gate, Dhaula Kuan, Patel Nagar, Punjabi Bagh, Delhi-Gurgaon Road, and the Ashram crossing point in the morning surge hours.  Top five possible reasons why the road rationing policy is not as powerful this time:  1. Schools  In the first phase, schools in the city were closed which implied less cars on the roads. This time, the schools are open and with private cars utilizing on exchange days, there are more school transports on roads. ...
Read more