Major XSS Vulnerability in WordPress Online Stores Using WooCommerce



A vulnerability has been identified in WooCommerce, an extremely popular WordPress online store plugin. The vulnerability includes a reflected cross-site scripting (XSS) problem that allows an attacker to manipulate input fields and, in turn, attack the web browsers of visiting users. On January 29th, WooCommerce fixed the plugin by updating it to 2.2.11. The WooCommerce site shows over one million active installs, which means a very large number of websites could be affected if site administrators do not keep their plugins updated. For more information on the vulnerability, visit http://www.cvedetails.com/cve/CVE-2015-2069/

 

Photo by melenita on Flickr via CCL 2.0