- WHY AVERTIUM?
-
-
Why Avertium?
Context over chaos. Disconnected technologies, siloed data, and reactive processes can only get you so far. Protecting businesses in today’s threat landscape demands more than a set of security tools – it requires context.
That's where Avertium comes in
-
Considering Microsoft?
Avertium Named Microsoft Security Solutions PartnerAvertium’s managed services for Microsoft Security Solutions is delivered through the company’s premium service: Fusion MXDR. Fusion MXDR includes 24x7 monitoring and management of Defender for Endpoint and Sentinel, threat intelligence, attack surface
monitoring, and vulnerability management for Microsoft Security customers.
-
-
- SOLUTIONS
- COMPANY
- PARTNERS
-
-
Our Partners
Best-in-class technology from our partners... backed by service excellence from Avertium.
-
Partner Opportunity Registration
Interested in becoming a partner?
With Avertium's deal registration, partners can efficiently and confidently connect with Avertium on opportunities to protect your deals.
-
-
- NEWS & RESOURCES
- CONTACT
WooCommerce Vulnerabilities Overview
This threat report provides actionable intelligence about multiple vulnerabilities recently discovered in Discount Rules for the WooCommerce WordPress plugin. Successful exploitation of these weaknesses could allow a remote unauthenticated attacker to execute arbitrary code.
The vulnerabilities were quickly patched by the developers after discovery. Now it is imperative that administrators using the affected software update the plugin to avoid a potential attack.
Related Reading: Recent Surge in Two WordPress Attacks
Discount Rules Vulnerabilities Tactics, Techniques, and Procedures
These WooCommerce plugin vulnerabilities affect the Discount Rules for 2.0.2 and prior versions. Exploitation could allow SQL injection and unauthenticated stored cross-site scripting opportunities which could lead to remote code execution administered by the attacker.
The vulnerabilities discovered in this plugin were due to a lack of authorization and nonce token checks.
An attacker utilizing this vulnerability would first identify potentially vulnerable WordPress sites by searching for the string “woocommerce” in the target’s source code. Once identified, an attacker would proceed in the exploit attempt by sending a malicious payload to the targeted site. In observed cases, these payloads contained a JavaScript file that redirected users to a malicious site.
Because this weakness allows an attacker to inject crafted code into any template hook, this security issue could also lead to the exploit of numerous other vulnerabilities if the targeted site is using other plugins that have unpatched weaknesses.
Security researchers have reported a large increase in attacks against this vulnerability since it was first discovered. Attacks have been observed coming from the following IP addresses:
- 45.140.167.17
- 95.181.152.136
The updated version of the plugin corrects this vulnerability and forces all actions to be performed by an authenticated user. Further details and a link to the available patch are referenced in the Sources section below.
What This Means to Your Business
- Exploitation may lead to unauthorized access and control of company assets.
- Could potentially lead to the exfiltration of sensitive company data.
What You Can Do About These WooCommerce Vulnerabilities
If your company uses the WooCommerce Discounts Plugin for a WordPress site, we recommend verifying that you are using the latest version available to remediate the threat of these weaknesses in your environment.
Along with regular software updates, it is important to verify that third-party code used is also up to date as this can drastically impact your security posture.
Related Reading: Attributes of a Robust Vulnerability Management Program
Sources and Other Helpful Information
WordPress Plugin Directory (Patch): https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2359660%40woo-discount-rules%2Ftrunk&old=2348192%40woo-discount-rules%2Ftrunk&sfp_email=&sfph_mail=
IBM X-Force Exchange: https://exchange.xforce.ibmcloud.com/collection/c27acbfed2b7d10eb3aa52003f085ba1
SecurityWeek: https://www.securityweek.com/wordpress-sites-targeted-vulnerabilities-woocommerce-discounts-plugin
WebARX: https://www.webarxsecurity.com/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin/
MITRE ATT&CK Techniques:
- Exploit Public-Facing Application (T1190): https://attack.mitre.org/techniques/T1190/
- Exploitation for Client Execution (T1203): https://attack.mitre.org/techniques/T1203/
- Process Injection (T1055): https://attack.mitre.org/techniques/T1055/
Contact us for more information about Avertium’s managed security service capabilities.
8 Steps to Take if You've Been Breached
With the prevalence, severity, and sophistication of cybersecurity attacks growing by the day, businesses of all types and sizes are scrambling to protect themselves. This best practices guide takes you through the 8 essential steps to managing a data breach. Download now.
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.