0-day

Apr 26 2019

WooCommerce Checkout Manager 4.2.6 Vulnerability

The WooCommerce Checkout Manager has been reported by PluginVulnerabilities.com for being vulnerable in arbitrary file uploads. The exploit could be activated by an unauthenticated remote attacker when the plugin "Categorize Uploaded Files" option is enabled. In this case, the attacker cloud brute-force or guess an existing order id number and execute arbitrary server-side script code in the WooCommerce website with the active WooCommerce Checkout Manager plugin. Apparently, WooCommerce Checkout Manager vulnerability was caught by the WordPress repository review stuff which resulted in de-activating plugin's listing for wordpress.org. If … [Read more...] about WooCommerce Checkout Manager 4.2.6 Vulnerability

Apr 23 2019

Easy WP SMTP v.1.3.9 Hacked Fix

Easy WP SMTP 0-Day vulnerability Easy WP SMTP is a very popular WordPress plugin that provides routing outgoing emails from a WordPress site to an SMTP server of choice. It is a great tool for resolving issues with the email delivery, we have used it on many occasions with our client sites, it has 300,000+ active installs and it is regularly updated. This is why it came as a shock when it was reported that the latest version of the plugin (1.3.9) had a serious security issue that led to a lot of sites being hacked. The plugin vulnerability was discovered on March 15th by the Ninja Technologies Network, after it was caught by their plugin … [Read more...] about Easy WP SMTP v.1.3.9 Hacked Fix