Top website builder WordPress has pushed an urgent update to users with the WooCommerce add-on installed in response to a highly disruptive security vulnerability.
Cybersecurity researchers from GoldNetwork recently discovered a major flaw affecting WooCommerce Payments 4.8.0 and higher. WooCommerce is an open-source ecommerce WordPress plugin designed to service small and medium-sized businesses.
Explaining the bug in more detail, researchers from Wordfence (a cybersecurity team focused on WordPress) claim the bug allows threat actors to “impersonate an administrator and completely take over a website without any user interaction or social engineering required.”
WooCommerce devs have now released a security update, and the good news (or so it seems right now) is that the Swiss researchers were the first ones to discover the flaw.
“At this time we have no evidence that the vulnerability was exploited beyond identifying it in our own security testing program. We do not believe any store or customer data was compromised as a result of this vulnerability,” BleepingComputer cited Beau Lebens, Head of Engineering at WooCommerce.
“We immediately deactivated the impacted services and mitigated the issue for all websites hosted on WordPress.com, Pressable, and WPVIP.”
If you have a WordPress site with WooCommerce, chances are it’s already been updated: “We shipped a fix and worked with the WordPress.org Plugins Team to auto-update sites running WooCommerce Payments 4.8.0 through 5.6.1 to patched versions. The update is currently being automatically rolled out to as many stores as possible,” Lebens said.
Here are all the vulnerable WooCommerce Payments versions: .8.2, 4.9.1, 5.0.4, 5.1.3, 5.2.2, 5.3.1, 5.4.1, 5.5.2, and 5.6.2.
If your website is still running any of the above-mentioned versions, chances are it still hasn’t been updated. To do so manually, head to your WP Admin dashboard, navigate to Plugins, find WooCommerce Payments, and look for a notification about the vulnerability, as well as the instructions on how to update.
Mumbai (Maharashtra) [India], March 24 (ANI/PRNewswire): Bluehost, one of the largest WordPress hosting providers in the world, today announced the launch of its new commerce solutions that make it simple for customers to launch their online stores and make using WordPress easier by bringing together YITH plugins and WooCommerce. Addressing the need for a simple, convenient online selling solution for all, Bluehost’s new commerce solutions bring together the power of WordPress, the versatility of WooCommerce and the elegant simplicity of YITH plugins to empower users to easily create online stores that truly stand out from the rest.
From a mobile-responsive eCommerce website to powerful connections with all the major online marketplaces, Bluehost’s commerce solutions enable users to sell products anywhere and everywhere confidently. The affordable all-in-one commerce solutions allow users to build a robust online store. Users can easily accept payments, sell across popular marketplaces, schedule calendar appointments, ship new customer orders, print labels, and add advanced features like GiftCards, WishList, Customer Account Page, and more. Site owners will save time and energy maintaining every aspect of their eCommerce business, all from one platform.
Bluehost’s commerce solutions make selling online easier and save customers hundreds of dollars by bundling enhanced plugins.
“We have so many customers around the world with unique needs and different levels of expertise building online stores,” said Ed Jay, President of Newfold Digital, the parent company of Bluehost and YITH. “With the launch of Bluehost’s new commerce solutions, our team is addressing the needs of small businesses looking for the flexibility and power of WordPress but want the experience of coming online and selling to be simple. The curated experience we are providing strikes the perfect balance of security, reliability, and functionality by taking the power of WordPress and putting it into the hands of users in a way that feels intuitive and native for each of our customers seeking to grow their businesses.”
Bluehost’s commerce solutions offer the functionality, and the perfect mix of tools, plugins and guidance online sellers need to start and grow their online business including:
– Easy Online Store Creation: Bluehost’s new commerce solutions come with an easy-to-follow onboarding experience. Answer a few simple questions and within minutes users will have the right foundation pages to launch their site. The guided onboarding experience walks users through the set-up process for commonly needed features of an online store, like payment processing, tax information, shipping and managing product inventory. It helps customers launch further, faster by setting up their theme, fonts, top menu and homepage by assembling a custom design in a few simple steps.
– WooCommerce and Enhanced YITH Plugins: Both of Bluehost’s commerce solutions come with WooCommerce and enhanced YITH plugins. YITH is one of the largest sellers and developers of WooCommerce Plugins for WordPress, with nearly 2.3M active installs and more than 100 plugins that expertly solve critical eCommerce needs. Payment Processing, Gift Cards, Wish Lists, Appointment Bookings, Shipping, Product Search/Filtering and Customer Account Creation are included, providing users with everything they need to build an online store for a simple low price.
– Sales Across Multiple Marketplaces: Whether users are selling on Amazon, Etsy, eBay, Shopify, BigCommerce, or any other kind of marketplace, the Bluehost Online Store + Marketplace plan allows customers to manage their inventory from one centralized dashboard. This allows them to analyze which marketplace is the best place for selling their products, as well as keep track of inventory in real-time without having to log into multiple dashboards.
– Yoast SEO: The #1 WordPress SEO Plugin powering more than 13 million websites. Yoast SEO is made by world-renowned SEO experts and is packed full of features, designed to help visitors and search engines to get the most out of their website. Newfold acquired Yoast in August 2021.
– New WordPress eCommerce Block Theme “Wonder” Pre-installed: Take advantage of WordPress’s Block Editor with Wonder’s 24 patterns, focused on shops, and six different style variations. YITH, a leading global provider of WooCommerce plugins acquired by Newfold in March 2022, built Wonder leveraging their WordPress commerce expertise.
– Professional Services and 24/7 Expert Support: In-house Bluehost experts are readily available to help customers get online and support customers if roadblocks are encountered while creating an online store, via online chat or over the phone at 1800-419-4426.
For more information on Bluehost’s commerce solutions, including product features and details, visit Bluehost.in.
Bluehost is the leading web hosting solutions provider specializing in WordPress. Since its founding in 2003, Bluehost has been trusted by millions of people because it makes building, growing, and managing successful WordPress websites easy. Bluehost delivers a suite of WordPress solutions designed with the perfect mix of guidance, tools, and expertise to build a professional website. Bluehost is a part of the Newfold Digital family of brands. For more information on Bluehost, visit Bluehost.in.
Newfold Digital is a leading web and commerce technology company serving nearly 7 million customers globally. Established in 2021 through the combination of leading web services providers Endurance Web Presence and Web.com Group, our portfolio of brands includes: Bluehost, CrazyDomains, HostGator, Network Solutions, Register.com, Web.com, Yoast, YITH, and many others. We help customers of all sizes build a digital presence that delivers results. With our extensive product offerings and personalized support, we take pride in collaborating with our customers to serve their online presence needs. Learn more about Newfold Digital at Newfold.com.
A sneaky new credit card stealer has been discovered hiding in places that are difficult to scan, and thus managing to steal payment information without triggering any alarms.
A report from cybersecurity experts Sucuri notes how it stumbled upon the malware when called in to investigate an “unusual infection” at one of its clients’ payment endpoints.
As it turns out, the malware was hiding in the site’s WooCommerce payment gateway module called Authorize.net, which processes payment details on checkout. As this module works after the user submits data at checkout, cybersecurity solutions have a harder time detecting potentially malicious code hiding within.
Usually, threat actors would inject malicious code into the HTML of the store or customer checkout pages. The code would then grab the data being inputted during checkout – giving hackers access to sensitive data such as full credit card numbers, CVV numbers, expiration dates, phone numbers, email addresses, and other important information.
But today’s cybersecurity solutions can scan the HTML code for malware and thus keep the ecommerce sites safe.
That’s why this creative malware developer turned to the Authorize.net payment processing system. Apparently, it is currently being used by more than 400,000 merchants all over the world.
However, neither the WordPress ecommerce plugin WooCommerce nor the Authorize.net payment gateway is flawed, and neither carries any vulnerabilities, Sucuri stressed.
“Overall they are both robust and secure payment platforms that are perfectly safe to use. Instead, this article highlights the importance of maintaining good security posture and keeping environments locked down to prevent tampering from threat actors.”
“Just like any other piece of software, if malicious actors compromise an environment they can tamper with existing controls,” they concluded.
To remain secure, businesses are advised to leverage file integrity monitoring and keep a close eye on modified files, and are urged to “take every possible avenue to keep the attackers at bay.”