Thousands of WordPress Sites Affected by Gift Card Plugin Flaw


Thousands of WordPress websites have been found to be running a vulnerable plugin that allows threat actors to take full control of the site.

Researchers have discovered a critical flaw in YITH WooCommerce Gift Cards Premium, a website builder plugin that provides an interface for creating gift cards on WordPress sites, believed to be used by over 50,000 websites.

The flaw itself is an unauthenticated arbitrary file download vulnerability, which allows criminals to, among other things, download web shells and gain full access to the targeted website.

Steal cryptographic account details

The vulnerability, tracked as CVE-2022-45359 and with a severity score of 9.8 (critical), has already been patched, and users are advised to update the plugin as soon as possible, as there is evidence of the flaw being abused in the wild.

It was first discovered in late November 2022, when researchers found the flaw present in all versions up to 3.19.0. Users are therefore advised to update the plugin to at least version 3.20.0; version 3.21.0 is now also available for download.

The flaw was discovered by Wordfence, a cybersecurity firm that analyzes the WordPress ecosystem, and its researchers say threat actors are already exploiting it.

While most of the attacks took place in November, when the flaw was still considered zero-day, another usage spike was also observed on December 14, 2022.

Just two IP addresses (103.138.108.15 and 188.66.0.135) accounted for more than 20 exploit attempts against nearly 000 websites.
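The two checks a site owner can act on from this article are the plugin version (anything below 3.20.0 is affected) and the two source IP addresses reported above. The script below is an added example, not code from the article or from Wordfence: it compares an installed version string against the fixed version and triages constructed Apache-style access log lines, flagging hits from the reported IPs and unauthenticated POST requests into the plugin's directory. The plugin directory slug is an assumption made for the example, and the log lines are constructed sample data.

```python
import re

# Source IPs named in the article as accounting for most exploit attempts.
REPORTED_IPS = {"103.138.108.15", "188.66.0.135"}

# First fixed release per the article: all versions up to 3.19.0 are affected.
FIXED_VERSION = (3, 20, 0)

# Assumed directory slug for the plugin; verify against your own install.
PLUGIN_SLUG = "yith-woocommerce-gift-cards-premium"

# Apache "combined" log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log: one benign request, two from the reported IPs,
# and one POST into the plugin directory from an unlisted address.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Dec/2022:10:01:02 +0000] "GET /shop/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
103.138.108.15 - - [14/Dec/2022:10:02:15 +0000] "POST /wp-content/plugins/yith-woocommerce-gift-cards-premium/ HTTP/1.1" 200 88 "-" "python-requests/2.28"
188.66.0.135 - - [14/Dec/2022:10:02:40 +0000] "GET /wp-login.php HTTP/1.1" 200 3011 "-" "curl/7.85"
198.51.100.9 - - [14/Dec/2022:10:03:00 +0000] "POST /wp-content/plugins/yith-woocommerce-gift-cards-premium/ HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""


def parse_version(version: str) -> tuple:
    """Turn '3.19.0' (or '3.19') into a comparable tuple padded to three parts."""
    parts = [int(p) for p in version.strip().split(".") if p.isdigit()]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def plugin_is_vulnerable(installed_version: str) -> bool:
    """True if the installed plugin predates the first fixed release."""
    return parse_version(installed_version) < FIXED_VERSION


def triage_log(log_text: str) -> list:
    """Return findings for log lines matching the article's indicators.

    reasons: 'reported-ip' for a source IP named in the article,
             'plugin-post' for a POST into the plugin's directory.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        reasons = []
        if m["ip"] in REPORTED_IPS:
            reasons.append("reported-ip")
        if m["method"] == "POST" and f"/plugins/{PLUGIN_SLUG}/" in m["path"]:
            reasons.append("plugin-post")
        if reasons:
            findings.append({
                "ip": m["ip"],
                "path": m["path"],
                "status": int(m["status"]),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for v in ("3.19.0", "3.20.0", "3.21.0"):
        print(f"version {v}: {'UPDATE NOW' if plugin_is_vulnerable(v) else 'patched'}")
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['ip']:16} {f['status']} {','.join(f['reasons']):24} {f['path']}")
```

A 403 on a flagged request (the last sample line) means the attempt was blocked, but it is still worth recording: the request pattern tells you the site is being scanned for this plugin, so the version check matters even when the server has already refused the request.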

While WordPress itself is relatively stable (around 0.5% of all WordPress-related vulnerabilities are found in the hosting platform itself), its ecosystem is large and as such offers plenty of scope for exploitation. Paid plugins like this one are usually updated frequently, and their developers try to keep the product secure, while free plugins can often go months without patches and can become a real nightmare for webmasters.

Via: BleepingComputer