
Researchers from WordPress security company Wordfence discovered a high-severity vulnerability in three different WordPress plugins, impacting over 84,000 websites.
The vulnerability is tracked as CVE-2022-0215 and is a cross-site request forgery (CSRF) flaw rated 8.8 on the CVSS scale. It impacted three plugins maintained by Xootix: Login/Signup Popup, Side Cart Woocommerce and Waitlist Woocommerce.
Cross-site request forgery, also known as one-click attack or session riding, occurs when an authenticated end-user is tricked by an attacker into submitting a specially crafted web request.
Login/Signup Popup is installed on over 20,000 sites, while Side Cart Woocommerce and Waitlist Woocommerce have been installed on more than 4,000 and 60,000 sites, respectively.
Following responsible disclosure by Wordfence researchers, the issue has been addressed in Login/Signup Popup version 2.3, Side Cart Woocommerce version 2.1, and Waitlist Woocommerce version 2.5.2.
Wordfence said in a report, “This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site's administrator into performing an action, such as clicking on a link.”
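For plugin developers, the defence against this class of flaw is a settings handler that verifies a nonce, checks the caller's capability, and writes only options it owns. The sketch below is an added example, not code from the affected plugins or from Wordfence; it assumes it is loaded by WordPress as part of a plugin, and the `example_` action, nonce and option names are hypothetical.

```php
<?php
// Added illustration; not code from any affected plugin.
// Hypothetical names: the nonce action, AJAX action and option keys below.
const EXAMPLE_NONCE_ACTION    = 'example_save_settings';
const EXAMPLE_ALLOWED_OPTIONS = array( 'example_popup_title', 'example_cart_position' );

// Register for logged-in users only; no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );

function example_save_settings() {
    // 1. CSRF check: a request forged from another site cannot know the
    //    per-user nonce, so a click by a logged-in admin is rejected here.
    if ( ! check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    // 2. Authorization: a nonce proves intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Allow-list: never pass request-supplied keys to update_option(),
    //    otherwise any site option can be overwritten.
    $submitted = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? wp_unslash( $_POST['settings'] )
        : array();

    $saved = array();
    foreach ( EXAMPLE_ALLOWED_OPTIONS as $name ) {
        if ( isset( $submitted[ $name ] ) && is_scalar( $submitted[ $name ] ) ) {
            update_option( $name, sanitize_text_field( $submitted[ $name ] ) );
            $saved[] = $name;
        }
    }

    wp_send_json_success( array( 'saved' => $saved ) );
}

// Called from the plugin's settings form so that legitimate submissions
// carry the nonce in a hidden field named "nonce".
function example_render_nonce_field() {
    wp_nonce_field( EXAMPLE_NONCE_ACTION, 'nonce' );
}
```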