Thousands of WordPress WooCommerce stores potentially exposed to hack

Pierluigi Paganini August 22, 2020

Hackers are attempting to exploit multiple vulnerabilities in the Discount Rules for WooCommerce WordPress plugin, which has 30,000+ installations.

Researchers from security firm WebArx reported that Hackers are actively attempting to exploit numerous flaws in the Discount Rules for WooCommerce WordPress plugin.

The list of vulnerabilities includes SQL injection, authorization flaws, and unauthenticated stored cross-site scripting (XSS) security vulnerabilities.

Discount Rules for WooCommerce is a WordPress plugin that allows users to manage product pricing and discount campaigns on WooCommerce online stores. The plugin has more than 30,000 installations

“The Discount Rules for WooCommerce plugin (versions 2.0.2 and below) suffers from multiple vulnerabilities such as SQL injection, authorization issues and unauthenticated stored cross-site scripting.” reads the post published by security experts.

“In this scenario, the unauthenticated stored cross-site scripting issue could potentially lead to remote code execution.”

Experts observed a wave of attacks attempting to exploit this vulnerability, most of them from the IP address 45[.]140.167.17 which attempts to inject the script poponclick[dot]info/click.js into the woocommerce_before_main_content template hook.

The attackers are attempting to target WooCommerce based sites running outdated versions of the popular plugin.

Experts warn that the vulnerabilities can be exploited by remote attackers to potentially execute arbitrary code on the vulnerable sites and potentially takeover compromised sites.

WebARX reported the flaws to the development team of the Discount Rules plugin on August 7 and on August 13, they released version 2.1.0 to address the vulnerabilities.

The flaws are caused by a lack of nonce token and authorization checks, their exploitation can allow unauthenticated attackers to retrieve a list of all users and coupon codes, inject into any display location, such as the header, footer or any admin page, and trigger remote code execution exploits.

At the time of writing, the plugin has been downloaded over 12,000 times in the last 7 days, this means that more that 17,000 WooCommerce online stores using the Discount Rules plugin are exposed to

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Discount Rules)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment