U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

WordPress Plugins could expose online shoppers on Black Friday and Cyber Monday

Black Friday and Cyber Monday are upon us, Checkmarx published a report analyzing the security of some of the top WordPress plugins. The Black Friday and the Cyber Monday are upon us and security experts from Checkmarx are questioning the security of some of the top WordPress e-commerce plugins that are currently used in more […]

WordPress miniOrange

Black Friday and Cyber Monday are upon us, Checkmarx published a report analyzing the security of some of the top WordPress plugins.

The Black Friday and the Cyber Monday are upon us and security experts from Checkmarx are questioning the security of some of the top WordPress e-commerce plugins that are currently used in more than 100,000 commercial websites.

Checkmarx analyzed the top 12 WordPress e-commerce plugins discovering that four of them are affected by severe vulnerabilities, including reflected cross-site scripting, SQL injection, and file manipulation flaws.

“Out of the 12 plugins we are scanning we have detected high-risk vulnerabilities in at least four of them. One plugin contained three vulnerabilities while the other three each contained one. Of the found vulnerabilities so far, Reflected XSS was found on three plugins, an SQL injection was found on one plugin, Second Order SQL Injection found on one plugin with File Manipulation also being detected on one plugin.” reported the analysis published by Checkmarx. “Of the vulnerabilities that we have detected so far, if they were exploited, the users of over 135,000 websites could find their personal data threatened by malicious parties or cyber criminals.” 

Black Friday WordPress plugin

The document includes an explanation for most popular flaws affecting WordPress based websites such as reflected cross-site scripting, SQL injection, and file manipulation flaws.

The report doesn’t refer specific e-commerce plugins used by WordPress sites and doesn’t provide information about the commercial platform using it.

Businesses powering e-commerce platform based on WordPress should download plugins only from trusted sources (WordPress.org).

The researchers also suggest scanning the source code of the plugins with a static source code analysis solutions to discover if they are affected by the above vulnerabilities.

Patch management assumes a crucial importance to secure e-commerce websites running on the WordPress CMS, administrators have to constantly maintain plugins up to date.

The report provides useful suggestions to cyber Monday and black Friday shoppers such as:

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Black Friday, e-commerce)