A BUG was found in the e-commerce platform plug-in! Can shoppers change the price by themselves?

WooCommerce is a popular e-commerce platform with over 150 million downloads, powering nearly 35% of online stores worldwide.

 

The vulnerability was discovered in a multi-currency plugin that allows retailers to set pricing for global shoppers. The plugin automatically detects the customer's geographic location and displays prices in the customer's local currency, using an exchange rate that is either set manually or updated automatically from the current rate.

 

Security flaw can be exploited by malicious CSV files

 

According to Ninja Technologies, the vulnerability appears in plugin v2.1.17 and below, and affects the "Import Fixed Price" feature, which allows users to set custom prices, thereby overriding any prices that are automatically converted based on exchange rates.

 

Hackers could exploit the vulnerability by uploading a specially crafted CSV file to the website that uses the items' current currency prices and product IDs, allowing them to change the price of one or more products.

 

The vulnerability is reported to have a great impact on online stores selling digital products. Because the attacker does not change product prices directly in the store's admin back end, store operators are unlikely to notice anything abnormal right away, so it is important to verify each order.
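One way to carry out the order verification recommended above, as an added example that is not from the plugin or the original report: it compares each order's charged unit price with a reference price list kept outside the store database. All product IDs, prices, exchange rates, field names and the 5% tolerance are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample data (assumption): a trusted price list kept outside the
# store database, so a tampered fixed price in the store cannot hide itself.
REFERENCE = {
    101: {"base": Decimal("49.00"), "fixed": {"EUR": Decimal("45.00")}},
    102: {"base": Decimal("120.00"), "fixed": {}},
}
RATES = {"USD": Decimal("1"), "EUR": Decimal("0.92"), "GBP": Decimal("0.79")}
TOLERANCE = Decimal("0.05")  # accept 5% drift from rate updates and rounding

# Constructed order export: one line item per order.
ORDERS = [
    {"order": 5001, "product_id": 101, "currency": "EUR", "unit_price": Decimal("45.00")},
    {"order": 5002, "product_id": 102, "currency": "GBP", "unit_price": Decimal("94.80")},
    {"order": 5003, "product_id": 102, "currency": "EUR", "unit_price": Decimal("1.00")},
    {"order": 5004, "product_id": 999, "currency": "USD", "unit_price": Decimal("5.00")},
]

def expected_price(product_id, currency):
    """Approved fixed price if one exists, else base price times exchange rate."""
    ref = REFERENCE.get(product_id)
    if ref is None or currency not in RATES:
        return None  # nothing trusted to compare against
    if currency in ref["fixed"]:
        return ref["fixed"][currency]
    return ref["base"] * RATES[currency]

def audit(orders):
    """Return (order id, reason) for every order that needs manual review."""
    findings = []
    for o in orders:
        exp = expected_price(o["product_id"], o["currency"])
        if exp is None:
            findings.append((o["order"], "no trusted reference price"))
            continue
        # Flag any deviation beyond tolerance, whether lower or higher.
        if abs(o["unit_price"] - exp) > exp * TOLERANCE:
            shown = exp.quantize(Decimal("0.01"))
            findings.append((o["order"],
                f"charged {o['unit_price']} {o['currency']}, expected about {shown}"))
    return findings

if __name__ == "__main__":
    for order_id, reason in audit(ORDERS):
        print(order_id, reason)
```

Orders for products or currencies missing from the reference list are flagged rather than skipped, so an unknown entry cannot pass unreviewed.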

 

At the same time, to avoid being affected, website administrators should update the plugin to the latest version v2.1.18, which adds a security patch to fix the vulnerability.

 

Practitioners need to pay attention to network security

 

According to the editor, this is not the first time that a plugin for the WooCommerce platform has had problems. In July this year, a vulnerability was discovered that tricked the server into executing malicious SQL commands, which allowed unauthenticated hackers to steal customer data, bank cards, employee credentials and other information from the online store's database.

 

In late August, a security vulnerability in a dynamic pricing and discount plugin on the platform was also disclosed, which allowed unauthenticated hackers to inject malicious code into websites running an unpatched version of the plugin. The vulnerability could lead to various attacks, including redirecting websites to phishing pages, inserting malicious scripts on product pages, and more.

 

Information security is very important in the Internet age, especially for e-commerce practitioners. The editor would like to remind sellers to purchase store plug-ins from reputable platforms and to pay closer attention to store operations and platform news to avoid unnecessary losses.
