Hackers are exploiting a vulnerability in a popular WordPress plugin
Hackers are actively targeting a critical vulnerability in YITH WooCommerce Gift Cards Premium, a plugin for the WordPress content management platform used on more than 50,000 websites, according to a new report.
The YITH WooCommerce Gift Cards Premium plugin lets website owners sell gift cards in their online store.
Exploiting this vulnerability, tracked as CVE-2022-45359, could allow hackers to upload files to affected websites, including malicious scripts that let them compromise the web server and launch further attacks.
CVE-2022-45359 was publicly disclosed on November 22, 2022 and affects all plugin versions up to 3.19.0. Version 3.20.0 fixed the issue; the plugin vendor has since released version 3.21.0, which is the recommended version to install.
However, many websites still run older, vulnerable versions, and hackers have devised a way to attack them.
According to WordPress security researchers at Wordfence, the vulnerability is being actively exploited: hackers have used it to install backdoors, run code remotely, and compromise websites.
Wordfence reverse-engineered the attackers' exploit and traced the problem to one of the plugin's features. The flaw in that feature lets an attacker send a POST request to an admin endpoint in order to upload a malicious PHP executable to the website.
Analysts reported that most of the attacks occurred in November, before administrators had applied the fix, but there was a second spike on December 14, 2022.
Exploitation is still ongoing, so users of the YITH WooCommerce Gift Cards Premium plugin are advised to update to version 3.21 as soon as possible.
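The two defender-side checks that follow from this report are whether the installed plugin still falls in the affected range (up to 3.19.0, with 3.21.0 recommended) and whether a PHP file has landed in an upload directory, which is the typical trace of an arbitrary file upload flaw. The script below is an added example, not code from the article or from Wordfence or YITH: it parses the standard WordPress plugin header to get the version, classifies it against the versions the article states, and flags PHP-like files under `wp-content/uploads`. The header text and the file list are constructed samples; the plugin directory name and the exact location of its main file are assumptions and should be adapted to the site being checked.

```python
import re
from pathlib import Path
from typing import Iterable, List, Optional, Tuple

# Version boundaries as stated in the report: every release up to 3.19.0 is
# affected, 3.20.0 carried the fix, 3.21.0 is the recommended release.
LAST_VULNERABLE = (3, 19, 0)
RECOMMENDED = (3, 21, 0)

# Constructed sample of a WordPress plugin header comment. Real plugins declare
# their version in a "Version:" line of the main PHP file's header block.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: YITH WooCommerce Gift Cards Premium
 * Version: 3.18.2
 */
"""

# Constructed sample of a directory listing; only the uploads entries with a
# PHP-like extension should be reported.
SAMPLE_PATHS = [
    "wp-content/uploads/2022/12/gift-card-banner.png",
    "wp-content/uploads/2022/12/wp-content.php",
    "wp-content/uploads/yith-gift-cards/import.phtml",
    "wp-content/plugins/yith-woocommerce-gift-cards-premium/init.php",
]


def parse_version(header_text: str) -> Optional[Tuple[int, ...]]:
    """Return the 'Version:' field of a plugin header as a tuple of ints."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\d+(?:\.\d+)*)", header_text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def _pad(version: Tuple[int, ...], width: int = 3) -> Tuple[int, ...]:
    """Normalise '3.21' and '3.21.0' to the same tuple for comparison."""
    return tuple(version) + (0,) * (width - len(version))


def assess(version: Tuple[int, ...]) -> str:
    """Classify a plugin version against the ranges given in the report."""
    v = _pad(version)
    if v <= LAST_VULNERABLE:
        return "vulnerable"
    if v < RECOMMENDED:
        return "patched-but-outdated"
    return "current"


def php_files_in_uploads(paths: Iterable[str]) -> List[str]:
    """Return the given paths that sit under wp-content/uploads and look like PHP."""
    php_like = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
    hits = []
    for p in paths:
        norm = p.replace("\\", "/")
        if "wp-content/uploads/" in norm and php_like.search(norm):
            hits.append(p)
    return hits


def scan_site(site_root: Path) -> dict:
    """Run both checks against a real WordPress install (paths are assumptions)."""
    # Assumed location of the plugin's main file; adjust to the actual install.
    main_file = site_root / "wp-content/plugins/yith-woocommerce-gift-cards-premium/init.php"
    version = parse_version(main_file.read_text(errors="replace")) if main_file.exists() else None
    uploads = site_root / "wp-content/uploads"
    files = [str(p.relative_to(site_root)) for p in uploads.rglob("*") if p.is_file()] if uploads.exists() else []
    return {
        "version": version,
        "status": assess(version) if version else "plugin-not-found",
        "php_in_uploads": php_files_in_uploads(files),
    }


if __name__ == "__main__":
    v = parse_version(SAMPLE_HEADER)
    print("sample plugin version:", v, "->", assess(v))
    print("PHP-like files under uploads:", php_files_in_uploads(SAMPLE_PATHS))
```

A PHP file under `wp-content/uploads` is not proof of compromise on its own, but it is never expected there, so any hit is worth inspecting and preserving before cleanup; pairing this with the version check gives a quick triage of whether a site was exposed during the November and December activity the report describes.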