On March 22nd, 2023 a critical vulnerability was discovered within the WooCommerce Payments plugin – an extremely popular eCommerce payment plugin for WordPress with over half a million active installations. Thankfully the vulnerability was discovered by white hat security researcher Michael Mazzolini and responsibly disclosed through HackerOne, giving websites time to install the patched version 5.6.2 before full details of the exploit are released on April 6th.
Although what we know at this time is limited, what we do know is that the vulnerability allows for unauthenticated administrative takeover of websites.
Continue reading Critical Vulnerability Discovered in WooCommerce Payments at Sucuri Blog.
