Welcart e-Commerce is a free WordPress plugin that has more than 20,000 installations. According to WordPress, Welcart e-Commerce enjoys top market share in Japan. It allows site owners to add online shopping to their sites in a turn-key fashion, with options to sell physical merch, digital goods, and subscriptions, with 16 different payment options.
But researchers found out that a security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site, or information retrieval via SQL injection, researchers said.
Moreover, in October, two high-severity vulnerabilities were disclosed in Post Grid, a WordPress plugin with more than 60,000 installations, which open the door to site takeovers. It is believed that once the attackers have administrative access to a WordPress site, they can effectively take over the entire site and can perform any action, from taking the site offline to further infecting the site with malware.
WordPress plugin makes it easier for cybercriminals to attack
RELATED ARTICLES
Recent Comments
CamPhish
on