Lucene search

K
hiveproHiveForce LabHIVEPRO:69364D063D4532AE3FB1D024C7F38417
HistoryDec 30, 2022 - 1:36 p.m.

WordPress plugin has been exploited in the wild to mount backdoors

2022-12-3013:36:36
HiveForce Lab
www.hivepro.com
20

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Malicious actors are actively exploiting a critical vulnerability in the YITH WooCommerce Gift Cards Premium WordPress plugin in order to plant backdoors on e-Commerce sites. The security flaw (CVE-2022-45359) exists due to the "import actions from settings panel" function, which runs on the "admin init" hook. Additionally, this function does not perform capability and CSRF checks, allowing unauthenticated attackers to upload files to vulnerable sites, including web shells that provide full site access. Over 50,000 websites continue to use vulnerable versions of the plugin, enabling threat actors to exploit the bug and plant a backdoor to perform remote code execution attacks.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related for HIVEPRO:69364D063D4532AE3FB1D024C7F38417