SQL injection vulnerability in WooCommerce : Wordfence

By dp2web
Wordpress Woocommerce Vulnerability


Yesterday Matt Barry, researchers at Wordfence discovered a SQL injection vulnerability in WooCommerce version 2.3.5 and more established amid a code review of the plugin storehouse. WooCommerce is introduced on more than 1 million active WordPress websites.

Wordfence has quickly reached Woo about the issue and they've been unimaginably responsive, discharging a fix early today with their arrival of WooCommerce version 2.3.6.

We emphatically recommend you instantly upgrade on the off chance that you have not as of now.

The particular issue is a SQL injection weakness in the administrator board. Inside the Tax Settings page of WooCommerce, the key of the "tax_rate_country" POST parameter is passed unescaped into a SQL insert articulation. For instance, a payload of tax_rate_country[(SELECT SLEEP(10))] would result in the MySQL server to rest for 10 seconds.

Since this helplessness requires either a Shop Manager or Admin client account, it would need to be consolidated with a XSS attack so as to be misused.

What to do: Upgrade promptly to version 2.3.6 of WooCommerce which contains the fix.

Thanks to the WooThemes team for instantly tending to the issue and pushing the fix inside a couple of HOURS of accepting the report.

If you don't mind make sure to tweet, FB or email as expected to help spread the saying to your kindred WordPress site admins.

Comments

Post a Comment

Thank you commenting on the DP2Web Blog.

Stay Tuned with Us:

Popular posts from this blog

Blogspot SEO Tips For bloggers

By dp2web
Image
We as of recently had enough conversation about Blogspot or Wordpress and for one reason why I don't prefer Blogspot much is on the grounds that limitation of upgrading it for search engine. There are numerous Blogspot SEO control that you will discover on Internet and a large number of them is identified with template altering and all, however in Wordpress, plugins make it simpler to advance your blog. Along these lines, today I've got a few proposals on the most proficient method to advance your posts so you get more quality search engine traffic.  Google Blogger is free and simple to utilize web distributed apparatus . Numerous bloggers at first uses Blogger and afterward Migrate to Wordpress grumbling about absence of official templates, post SEO neighborliness , plugins and so forth . We have effectively examined this on our past post With little exertion we can make Blogger posts truly SEO cordial and a viable free medium for online business . So here I have gathered s
Read more

Reduce Website's Bounce Rate

By dp2web
Image
What is Bounce Rate? In Web analytics, incorporating Google Analytics, website bounce rate is the estimation in rate of what number of Web webpage visitors see stand out page inside your Web website – this is the one page they entered the webpage on (called the door page or presentation page). These visitors see just that solitary page and passageway the site on that same page. A high bounce rate normally shows that the greeting page isn't pertinent to your guest or you are not offering any motivator for the guest to investigate different ranges and pages of your site.  My website had a bounce rate of in the ballpark of 80%. After a few thorough testing, trialing and taking in I've figured out how to bring down my bounce rate. It's not mystery; I'll demonstrate to you how its carried out.  In this post you'll be taking in all the tips and traps that helped me to bring down my bounce rate. You don't have to use a really long time investigating (lucky you)
Read more

Nearly 1000 startups expected to be funded in 2016: Report

By
Image
The forecast depends on the run-rate seen in Q1 2016, and the contribution from first quarter to the yearly deal volume. There have been 255 deals till mid-April this year, said the report.  2016 will keep on being the year for startups as investment funds keep the money desiring a generally cash-compelled ecosystem. While financial speculators will keep subsidizing the startups, 'little is protected' is liable to be the characterizing theme for startup subsidizing, as deal size is relied upon to be much littler in contrast with the hyper subsidizing as of late, claims VCCEdge Q1CY2016 Startup India Funding Report.  The year 2016, consequently, will be the year of solidification with startup valuations getting trimmed, early-stage financial specialists turning mindful and a general fixing of purse strings.  The report characterizes startups as organizations that have reported raising an Angel or Seed-stage subsidizing, or a Venture Capital Round An or Round B in the cour
Read more