WooCommerce Plugin Vulnerability


WordPress and WooCommerce together are a very popular platform for thousands of e-commerce sites around the world. While the pair provide solid support for their products, they are still constantly under attack from attackers across the globe. Recently, the WordPress premium plugin “Woocommerce Vendor plugin” was discovered to be vulnerable to reflected cross-site scripting (XSS). This type of scripting vulnerability allows attackers to insert malicious code into an otherwise legitimate transaction between a customer and the e-commerce site.

It is estimated that 28% of the e-commerce sites in the world are using WooCommerce to sell millions of dollars' worth of product. While WooCommerce itself isn’t vulnerable, the very popular “Vendor Plugin” is and should be updated immediately. The latest version, 2.040, fixes the vulnerability and has been out for several months. The vulnerability wasn’t immediately announced, presumably to allow webmasters to implement the update. It is critical that companies relying on internal and third-party webmasters make sure the issue is addressed and fixed if they are using the plugin.

Having a website and doing business on the internet are an integral part of our economy today, and therefore updating and addressing security issues is key. Just as you depend on your suppliers to deliver, cash registers to work, and employees to be honest, it is vital that you elevate your website to a high status within the company and minimize your exposure. Taking these steps will help ensure your success.