A few days ago, a developer fixed a vulnerability in several of their WooCommerce addon plugins. The vulnerability is severe because it allows the creation of new administrators, products, comments, orders and a few other things as well. It affects between 50,000 to 70,000 active installations.
Hackers have spotted the issue almost immediately and have been exploiting it for a couple of days already.
If you’re running WooCommerce on your WordPress site, make sure to update all your plugins ASAP. The developers were honest as they clearly indicated in the changelog that it was a security update but, unfortunately, it seems that many administrators missed it and didn’t update the plugin(s).
Note that I won’t disclose the name of the plugins yet, because they were fixed less than a week ago.
We have update our WAF to protect all our customers.
Stay informed about the latest vulnerabilities in WordPress plugins and themes: @nintechnet