XSS Vulnerability in Abandoned Cart Plugin Leads To WordPress Site Takeovers

Google+ Pinterest LinkedIn Tumblr +

WordPress Security News
XSS Vulnerability Found in Abandoned Cart Plugin
Mar 12
Melbourne, Australia
Last month a stored cross-site scripting flaw was patched in version 5.2.0 of the popular WordPress plugin Abandoned Cart Lite For WooCommerce.
The plugin, allows the owners of WooCommerce sites to track abandoned shopping carts in order to recover those sales.
The flaw allows attackers to inject malicious code into various data fields, which will execute when an administrator views the list of abandoned carts from their WordPress dashboard.
Any sites making use of woocommerce plugin or its premium version, are advised to update to the latest available version asap.
Sites making use of the Wordfence WAF, both free and premium, are protected from the attacks. Users without Wordfence should consider a Site Security Audit.
Visit SJVirtualMedia.com or call 0456-925-085


About Author

Leave A Reply