WordPress plugin has been exploited in the wild to mount backdoors

Threat Level – Red | Vulnerability Report
Download PDF

Malicious actors are actively exploiting a critical vulnerability in the YITH WooCommerce Gift Cards Premium WordPress plugin in order to plant backdoors on e-Commerce sites. The security flaw (CVE-2022-45359) exists due to the “import actions from settings panel” function, which runs on the “admin init” hook. Additionally, this function does not perform capability and CSRF checks, allowing unauthenticated attackers to upload files to vulnerable sites, including web shells that provide full site access. Over 50,000 websites continue to use vulnerable versions of the plugin, enabling threat actors to exploit the bug and plant a backdoor to perform remote code execution attacks.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox