WooCommerce: XSS Vulnerability in Abandoned Cart Plugin Leads To WordPress Site Takeovers


Last month, a stored cross-site scripting (XSS) flaw was patched in version 5.2.0 of the popular WordPress plugin Abandoned Cart Lite For WooCommerce. A lack of sanitization on both input and output allows attackers to inject malicious JavaScript payloads into various data fields, which will execute when a logged-in user with administrator privileges views the list of abandoned carts from their WordPress dashboard.
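The two missing layers named above, input sanitization and output escaping, shown side by side in plain PHP as an added example; this is not the plugin's code or its patch. The field names, rows and helper functions are constructed for illustration, and on a WordPress site the equivalent core helpers are `sanitize_text_field()` and `esc_html()`.

```php
<?php
// Added example: field names and rows are constructed, not the plugin's schema.

// Input side: strip markup and control characters before the value is stored.
function clean_cart_field(string $raw): string {
    $no_tags = strip_tags($raw);
    $no_ctrl = preg_replace('/[\x00-\x1F\x7F]/u', '', $no_tags);
    return trim($no_ctrl ?? '');
}

// Output side: encode for an HTML text context when the admin list is rendered.
function escape_html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored value is concatenated into the table as-is.
function render_row_unsafe(array $cart): string {
    return '<tr><td>' . $cart['first_name'] . '</td><td>' . $cart['email'] . '</td></tr>';
}

// Hardened pattern: every stored value is escaped at the point of output.
function render_row_safe(array $cart): string {
    return '<tr><td>' . escape_html($cart['first_name'])
         . '</td><td>' . escape_html($cart['email']) . '</td></tr>';
}

// Constructed rows: one stored before any input cleaning existed, one stored after.
$marker     = '<script>alert(1)</script>';
$legacy_row = ['first_name' => 'Ann' . $marker, 'email' => 'ann@example.com'];
$new_row    = ['first_name' => clean_cart_field('Bob' . $marker), 'email' => 'bob@example.com'];

foreach (['legacy' => $legacy_row, 'new' => $new_row] as $label => $row) {
    echo "$label unsafe: ", render_row_unsafe($row), PHP_EOL;
    echo "$label safe:   ", render_row_safe($row), PHP_EOL;
}
```

The legacy row is the case to watch: values already stored before input cleaning was in place stay in the database, so only escaping at render time keeps them inert in the admin view.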


At this time, any WordPress sites making use of the plugin are advised to update to the latest available version as soon as possible.

In today’s post, we take a look at the details of this vulnerability, how attackers are exploiting it in the wild to take over sites, and what site owners should do if they believe they’ve been attacked.

>> Read more on the official Wordfence blog…

Source: Wordfence

About the author

No Web Agency Staff

No Web Agency is a site specializing in the publication and distribution of press releases, news... published by Sébastien Mugnier!

Our goal is simple: to support companies in developing their image, as a distributor of their news, or as a relay for their marketing strategy (product launches, trade shows…).
