WooCommerce Vulnerabilities Overview
This threat report provides actionable intelligence about multiple vulnerabilities recently discovered in the Discount Rules for WooCommerce WordPress plugin. Successful exploitation of these weaknesses could allow a remote, unauthenticated attacker to execute arbitrary code.
The vulnerabilities were quickly patched by the developers after discovery. Now it is imperative that administrators using the affected software update the plugin to avoid a potential attack.
Related Reading: Recent Surge in Two WordPress Attacks
Discount Rules Vulnerabilities Tactics, Techniques, and Procedures
These WooCommerce plugin vulnerabilities affect Discount Rules for WooCommerce version 2.0.2 and earlier. Exploitation could allow SQL injection and unauthenticated stored cross-site scripting, which could in turn lead to attacker-controlled remote code execution.
The vulnerabilities in this plugin stem from missing authorization checks and missing nonce token verification on the affected actions.
Because this weakness allows an attacker to inject crafted code into any template hook, it could also enable exploitation of numerous other vulnerabilities if the targeted site runs other plugins with unpatched weaknesses.
Security researchers have reported a large increase in attacks against this vulnerability since it was first discovered. Attacks have been observed coming from the following IP addresses:
The updated version of the plugin corrects this vulnerability and forces all actions to be performed by an authenticated user. Further details and a link to the available patch are referenced in the Sources section below.
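The report attributes the flaws to missing authorization and nonce checks and says the fix forces every action through an authenticated user. The following is an added illustration of that pattern in WordPress terms, not the plugin's own code: an admin-ajax handler in the weak shape the report describes, beside a hardened version. The hook names (example_save_rule), table name and option keys are hypothetical; the WordPress and WooCommerce functions used (check_ajax_referer, current_user_can, $wpdb->prepare, manage_woocommerce) are real.

```php
<?php
// Added illustration, not code from the Discount Rules for WooCommerce plugin.
// Hook names, the example_rules table and the 'security' field are hypothetical.

// --- Weak pattern: registered on wp_ajax_nopriv_* so unauthenticated visitors
// reach it, with no capability check, no nonce check, unsanitised input stored
// as-is (stored XSS) and values concatenated straight into SQL (SQL injection).
add_action( 'wp_ajax_nopriv_example_save_rule', 'example_save_rule_unsafe' );
function example_save_rule_unsafe() {
    global $wpdb;
    $rule_id = $_POST['rule_id'];   // untrusted, used directly in SQL
    $title   = $_POST['title'];     // untrusted, stored without sanitisation
    $wpdb->query( "UPDATE {$wpdb->prefix}example_rules SET title = '$title' WHERE id = $rule_id" );
    wp_send_json_success();
}

// --- Hardened pattern: logged-in hook only, capability check, nonce check,
// input validation and a prepared statement.
add_action( 'wp_ajax_example_save_rule', 'example_save_rule_safe' );
function example_save_rule_safe() {
    global $wpdb;

    // 1. Authorization: only users allowed to manage the shop may proceed.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF protection: the request must carry a nonce minted for this
    //    action; check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'example_save_rule', 'security' );

    // 3. Validate and sanitise input before it reaches storage.
    //    (Escape again with esc_html() when rendering the title later.)
    $rule_id = absint( $_POST['rule_id'] ?? 0 );
    $title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    if ( 0 === $rule_id || '' === $title ) {
        wp_send_json_error( 'invalid input', 400 );
    }

    // 4. Parameterised query: values are bound, never concatenated.
    $wpdb->query( $wpdb->prepare(
        "UPDATE {$wpdb->prefix}example_rules SET title = %s WHERE id = %d",
        $title,
        $rule_id
    ) );
    wp_send_json_success();
}

// The nonce checked in step 2 is issued server-side when the admin page
// renders and handed to the page's JavaScript, which posts it as 'security'.
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );
function example_enqueue_admin_script() {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_save_rule' ),
    ) );
}
```

The two checks do different jobs: current_user_can() answers "may this user do this at all", while the nonce answers "did this request originate from a page we served to that user", which is what blocks cross-site request forgery. Dropping the wp_ajax_nopriv_ registration is what makes the action authenticated-only, matching the fix the report describes.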
What This Means to Your Business
- Exploitation may lead to unauthorized access to and control of company assets.
- Exploitation could also lead to the exfiltration of sensitive company data.
What You Can Do About These WooCommerce Vulnerabilities
If your company uses the Discount Rules for WooCommerce plugin on a WordPress site, we recommend verifying that you are running the latest available version to remediate these weaknesses in your environment.
Along with regular software updates, it is important to verify that any third-party code you use is also kept up to date, as this can drastically affect your security posture.
Related Reading: Attributes of a Robust Vulnerability Management Program
Sources and Other Helpful Information
WordPress Plugin Directory (Patch): https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2359660%40woo-discount-rules%2Ftrunk&old=2348192%40woo-discount-rules%2Ftrunk&sfp_email=&sfph_mail=
IBM X-Force Exchange: https://exchange.xforce.ibmcloud.com/collection/c27acbfed2b7d10eb3aa52003f085ba1
MITRE ATT&CK Techniques:
- Exploit Public-Facing Application (T1190): https://attack.mitre.org/techniques/T1190/
- Exploitation for Client Execution (T1203): https://attack.mitre.org/techniques/T1203/
- Process Injection (T1055): https://attack.mitre.org/techniques/T1055/
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report outlines a “top-of-mind” threat and how it ought to be addressed.
This informed analysis is based on the latest data available.