Hackers exploit bug in WordPress gift card plugin with 50K installs

Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites.

YITH WooCommerce Gift Cards Premium is a plugin that website operators to sell gift cards in their online stores.

Exploiting the vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), allows unauthenticated attackers to upload files to vulnerable sites, including web shells that provide full access to the site.

CVE-2022-45359 was disclosed to the public on November 22, 2022, impacting all plugin versions up to 3.19.0. The security update that…

More Info

About mblog.my

Check Also

Malware campaign compromises over 4,500 WordPress sites | SC Media – SC Media

Military-grade xIoT hacking tools are in use, cybercrime for hire that’s predicated on compromised xIoT …

Leave a Reply

Your email address will not be published. Required fields are marked *