A BUG was found in the e-commerce platform plug-in! Can shoppers change the price by themselves?


WooCommerce is a popular e-commerce platform with over 150 million downloads, powering nearly 35% of online stores worldwide.

 

The vulnerability was discovered in a multi-currency plugin that lets retailers set prices for shoppers around the world. The plugin automatically detects the customer's geographic location and displays prices in the customer's local currency, using an exchange rate that is either set manually or updated automatically from the current rate.

 

Security flaw can be exploited by malicious CSV files

 

According to Ninja Technologies, the vulnerability is present in plugin v2.1.17 and below and affects the "Import Fixed Price" feature, which lets users set custom prices that override any prices converted automatically from exchange rates.

 

Hackers could exploit the vulnerability by uploading to the website a specially crafted CSV file that contains product IDs and the items' prices in the current currency, allowing them to change the price of one or more products.

 

The vulnerability is reported to have a great impact on online stores that sell digital products. Because hackers do not change product prices directly in the store's admin back end, store operators are unlikely to notice anything abnormal right away, so it is important to verify each order.
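One way to verify each order, shown as an added example that is not code from WooCommerce, the plugin, or Ninja Technologies. The product IDs, prices, exchange rates, field names and the 5% tolerance are constructed assumptions; reference prices are read from a sheet kept outside the store, because the store's own fixed prices are what a malicious import would change.

```python
from decimal import Decimal

# Constructed reference data: the merchant's own price sheet, stored outside
# the shop database so a tampered "fixed price" import cannot alter it.
BASE_PRICES_USD = {101: Decimal("49.00"), 102: Decimal("120.00")}
TRUSTED_FIXED = {(101, "EUR"): Decimal("45.00")}  # fixed prices the merchant set
RATES = {"USD": Decimal("1"), "EUR": Decimal("0.92"), "GBP": Decimal("0.79")}
TOLERANCE = Decimal("0.05")  # assumed allowance for rate drift and rounding


def expected_price(product_id, currency):
    """Merchant's fixed price if one exists, else base price times the rate."""
    fixed = TRUSTED_FIXED.get((product_id, currency))
    if fixed is not None:
        return fixed
    converted = BASE_PRICES_USD[product_id] * RATES[currency]
    return converted.quantize(Decimal("0.01"))


def audit_orders(orders):
    """Return (order_id, product_id, reason) for each line needing review."""
    findings = []
    for order in orders:
        currency = order["currency"]
        for line in order["lines"]:
            pid = line["product_id"]
            if pid not in BASE_PRICES_USD or currency not in RATES:
                # Fail closed: an order that cannot be checked is reviewed.
                findings.append((order["id"], pid, "no trusted reference price"))
                continue
            want = expected_price(pid, currency)
            paid = Decimal(line["unit_price"])
            if paid < want * (1 - TOLERANCE):
                reason = f"paid {paid} {currency}, expected {want}"
                findings.append((order["id"], pid, reason))
    return findings


# Constructed sample orders, shaped like an order export (hypothetical fields).
SAMPLE_ORDERS = [
    {"id": 9001, "currency": "EUR", "lines": [
        {"product_id": 101, "unit_price": "45.00"},
        {"product_id": 102, "unit_price": "110.40"}]},
    {"id": 9002, "currency": "EUR", "lines": [{"product_id": 102, "unit_price": "1.00"}]},
    {"id": 9003, "currency": "GBP", "lines": [{"product_id": 101, "unit_price": "38.00"}]},
    {"id": 9004, "currency": "JPY", "lines": [{"product_id": 101, "unit_price": "10"}]},
]

if __name__ == "__main__":
    for finding in audit_orders(SAMPLE_ORDERS):
        print(finding)
```

For stores selling digital products, running such a check before the download is released matters more than a periodic report, since delivery is immediate.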

 

To avoid being affected, website administrators should update the plugin to the latest version, v2.1.18, which adds a security patch that fixes the vulnerability.

 

Network security deserves the attention of practitioners

 

According to the editor, this is not the first time that a WooCommerce platform plugin has had problems. In July this year, a vulnerability was discovered that could trick the server into executing malicious SQL commands, allowing unauthenticated hackers to steal customer data, bank cards, employee credentials and other information from the online store's database.

 

In late August, a security vulnerability in a dynamic pricing and discount plugin on the platform was also disclosed, which allowed unauthenticated hackers to inject malicious code into websites running an unpatched version of the plugin. The vulnerability could lead to various attacks, including redirecting websites to phishing pages, inserting malicious scripts on product pages, and more.

 

Information security is very important in the Internet age, especially for e-commerce practitioners. The editor would like to remind sellers to purchase operational plugins from legitimate platforms and to pay closer attention to store operations and platform news in order to avoid unnecessary losses.
