Threat Post

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts. The plugin “Variation Swatches for ...
Searchenginejournal.com

WordPress WooCommerce Payments Plugin Vulnerability

Automattic, publishers of the WooCommerce plugin, announced the discovery and patch of a critical vulnerability in the WooCommerce Payments plugin. The vulnerability allows an attacker to gain ...
Threat Post

WooCommerce Pricing Plugin Allows Malicious Code-Injection

The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers. A pair of security vulnerabilities in the WooCommerce Dynamic Pricing and Discounts plugin ...
Searchenginejournal.com

Vulnerabilities In WooCommerce And Dokan Pro Plugins

WooCommerce published an advisory about an XSS vulnerability while Wordfence simultaneously advised about a critical vulnerability in a WooCommerce plugin named Dokan Pro. The advisory about Dokan Pro ...
Bleeping Computer

Active XSS Attacks Targeting Amp for WP WordPress Plugin

Vulnerabilities were recently discovered in the popular AMP for WP plugin that allows any registered user to perform administrative actions on a WordPress site. It has now been discovered that an ...
Infosecurity-magazine.com

Flaw Leads to RCE in WordPress Plugins, WooCommerce

A WordPress design flaw could grant an attacker remote code execution, leading to a privilege escalation in WooCommerce and other WordPress plugins, according to RIPS Technologies. In a 6 November ...