The following informational alert is from Wordfence, the security plugin for WordPress. If you use WordPress, it is a plugin you absolutely should have to help protect your website.

If you use any of the following plugins or themes in your WordPress install(s), you should upgrade as soon as possible:

---


There appears to be an XSS vulnerability in WooCommerce that allows an attacker to craft a website which will steal a WooCommerce administrator's cookies when they visit that site and allow the attacker to access the target site with admin privileges.

The vulnerability is in WooCommerce version 2.0.17. There is a fix in WooCommerce version 2.0.18 but that has not yet been released. 

We contacted WooThemes about this and they will be "addressing this in the next minor release (2.0.18) either later today/tomorrow". 

Exploits for this vulnerability started appearing in the wild 48 hours ago. Once WooCommerce 2.0.18 is released, please upgrade immediately.

---

There is also a vulnerability in versions of the WP Awesome Support plugin which uses jquery.fineuploader version 3.5.0.

This vulnerability allows an attacker to upload any file to your system. The plugin was last updated on 14 September 2013 and this vulnerability appeared in the last few days in the hacker community, so we believe it to be in the current version of WP Awesome Support. Googling for details on this exploit will yield more info and includes examples of hacked websites.


---

There is also an arbitrary file upload vulnerability in the current version of the Magnitudo theme in the wild, so please contact the vendor for a fix. The theme was last updated in April of this year. An exploit for this is being actively distributed. Google for details.

---
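
An inventory check for the three components named in this alert, as an added example that is not part of the Wordfence alert or this notice. It assumes a standard `wp-content` layout, that every WooCommerce release below 2.0.18 should be flagged (the alert names only 2.0.17), and that the bundled Fine Uploader file keeps its version in its file name; the sample tree and its directory names are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED_WOOCOMMERCE = (2, 0, 18)  # first fixed release named in the alert

def header(path, field):
    """Read a WordPress file-header field, e.g. 'Plugin Name' or 'Version'."""
    head = path.read_text(errors="ignore")[:8192]
    m = re.search(rf"^[ \t/*#@]*{re.escape(field)}:[ \t]*(.+?)[ \t]*$", head, re.M | re.I)
    return m.group(1).strip() if m else None

def as_tuple(version):
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3])

def audit(wp_content):
    """Return sorted (finding, relative path, version) tuples for one wp-content directory."""
    root, findings = Path(wp_content), []
    for php in root.glob("plugins/*/*.php"):
        name, version = header(php, "Plugin Name"), header(php, "Version")
        # Assumption: every release below 2.0.18 is flagged; the alert names only 2.0.17.
        if name and version and name.lower() == "woocommerce" and as_tuple(version) < FIXED_WOOCOMMERCE:
            findings.append(("woocommerce", php.relative_to(root).as_posix(), version))
    # Assumption: the bundled library keeps its version in the file name.
    for lib in root.glob("plugins/**/*fineuploader*3.5.0*"):
        findings.append(("fineuploader", lib.relative_to(root).as_posix(), "3.5.0"))
    for css in root.glob("themes/*/style.css"):
        if (header(css, "Theme Name") or "").lower() == "magnitudo":
            findings.append(("magnitudo", css.relative_to(root).as_posix(), header(css, "Version") or "unknown"))
    return sorted(findings)

def build_sample(root):
    """Constructed wp-content tree for demonstration; directory names are hypothetical."""
    files = {
        "plugins/woocommerce/woocommerce.php": "<?php\n/**\n * Plugin Name: WooCommerce\n * Version: 2.0.17\n */\n",
        "plugins/shop-b/shop.php": "<?php\n/*\nPlugin Name: WooCommerce\nVersion: 2.0.18\n*/\n",
        "plugins/support-plugin/js/jquery.fineuploader-3.5.0.js": "/* placeholder */\n",
        "themes/magnitudo-copy/style.css": "/*\nTheme Name: Magnitudo\nVersion: 1.0\n*/\n",
    }
    for rel, body in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit(tmp):
            print(*finding, sep="\t")
```

Point `audit()` at the `wp-content` directory of each install; an empty result means none of the three components was matched by name, not that the site is clean.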


PAC Web Hosting Ltd


Monday, October 21, 2013