16 WooCommerce Product Add-Ons Plugins Fixed Vulnerabilities.

16 WooCommerce product add-ons plugins fixed a critical broken access control vulnerability that could allow customers to take over the website and its database.

Posted on September 13, 2021 - 12:14pm [+0700]
NinjaFirewall

Vulnerability fixed in WordPress WooCommerce Multi Currency plugin.

The WooCommerce Multi Currency plugin (7,700+ sales on Envato) fixed a broken access control vulnerability in version 2.1.17 and below that could allow customers to change the price of all products.

Critical vulnerability fixed in WordPress Automatic Plugin.

WordPress Automatic Plugin (26,000+ installations) fixed a critical vulnerability affecting version 3.53.2 and below that could allow unauthenticated users to take over the website and its database.

Posted on September 6, 2021 - 12:51pm [+0700]
NinjaFirewall

Critical vulnerability fixed in WordPress Pinterest Automatic plugin.

Wordpress Pinterest Automatic plugin (7,000+ installations) fixed a critical vulnerability affecting version 4.14.3 and below that could allow unauthenticated users to take over the website and its database.

How hackers install and hide rogue plugins on your WordPress blog.

A while back, I explained how hackers created hidden admin users after hacking a WordPress blog. In this post, we will see how they upload and hide rogue plugins.