The WordPress content management system (CMS) payment solution plugin WooCommerce has been found to contain vulnerable code that might grant an unauthenticated attacker access to administrative capabilities and take control of a website.
The information was discovered by Wordfence’s WordPress security specialists, who also detailed the crucial authentication bypass in a blog post on Thursday.
Senior threat researcher Ram Gall’s Wordfence blog post details how the team discovered the vulnerability after examining version 5.6.2 of the WooCommerce plugin on the same day it was made available.
Following a study of the update, Gall said, “we found that it eliminated vulnerable code that may enable an unauthenticated attacker read more WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites.
Stay up-to-date with the latest cybersecurity news and increase your cybersecurity awareness through ReconBee.com‘s in-depth coverage of the newest threats, breaches, and solutions.