Future Hosting Advises WooCommerce Users to Update Immediately


Future Hosting, a specialized VPS hosting and dedicated server hosting provider, has warned users of the popular WordPress WooCommerce eCommerce plugin to update as soon as possible. A vulnerability in the plugin may allow attackers to access files that contain sensitive information that could put sites at risk of data loss or malware infection.

The security weakness, which was discovered and reported by researchers at security company Sucuri on June 10, 2015, leverages an object injection vulnerability present in WooCommerce. Only sites with WooCommerce's PayPal Identity Token option activated are vulnerable.

Owners of vulnerable sites should update to the most recent version of the WooCommerce plugin, which includes a patch that fixes the problem.

Sucuri published a detailed proof of concept that shows how the vulnerability can be used to access files that contain sensitive information. The Sucuri POC leveraged the object injection vulnerability along with other known vulnerabilities to gain access to a site's wp-config.php file, which contains the site's database credentials and secret keys.

“We host a large number of WordPress users, many of whom use the WooCommerce plugin for eCommerce. Most have already applied the patch, but we're aware that there are still a large number of vulnerable sites on the web,” said Maulesh Patel, VP of Operations of Future Hosting. “It's important that vulnerabilities of this nature are given the widest possible exposure, so that site owners can make sure their users are not at risk.”

Vulnerabilities are regularly discovered in content management systems and their plugins. The recent WooCommerce vulnerability is an example of an effective application of security best practices. The vulnerability was disclosed and patched quickly, but without wide exposure, it is likely many sites will remain vulnerable.

About Future Hosting, LLC

Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit http://www.futurehosting.com

Contact Author

Vik Patel