A BUG was found in the e-commerce platform plug-in! Can shoppers change the price by themselves?

A BUG was found in the e-commerce platform plug-in! Can shoppers change the price by themselves?

WooCommerce is a popular e-commerce platform with over 150 million downloads, powering nearly 35% of online stores worldwide.

 

The vulnerability was discovered in a multi-currency plugin that allows retailers to set pricing for global shoppers. The plugin automatically detects the customer's geographic location and displays pricing in the customer's local currency, either by manually setting the exchange rate or automatically setting it based on the current exchange rate .

 

Security flaw can be exploited by malicious CSV files

 

According to Ninja Technologies, the vulnerability appears in plugin v2.1.17 and below, and affects the "Import Fixed Price" feature, which allows users to set custom prices, thereby overriding any prices that are automatically converted based on exchange rates.

 

Hackers could exploit the vulnerability by uploading a specially crafted CSV file to the website that uses the items' current currency prices and product IDs, allowing them to change the price of one or more products.

 

It is reported that the vulnerability has a great impact on online stores selling digital products. Since hackers will not change product prices directly in the background, store operators are unlikely to immediately discover abnormalities, so it is important to verify each order.

 

At the same time, to avoid being affected, website administrators should update the plugin to the latest version v2.1.18, which adds a security patch to fix the vulnerability.

 

Network security needs to attract the attention of relevant practitioners

 

According to the editor, this is not the first time that the WooCommerce platform plugin has had problems. In July this year , a vulnerability was discovered that tricked the server into executing malicious SQL commands, which allowed unauthenticated hackers to steal customer data, bank cards, employee credentials and other information from the online store's database.

 

In late August, a security vulnerability in a dynamic pricing and discount plugin on the platform was also disclosed, which allowed unauthenticated hackers to inject malicious code into websites running an unpatched version of the plugin. The vulnerability could lead to various attacks, including redirecting websites to phishing pages, inserting malicious scripts on product pages, and more.

 

Information security is very important in the Internet age, especially for e-commerce practitioners. The editor would like to remind relevant sellers to purchase operation plug-ins from regular platforms and pay more attention to store operations and platform news to avoid unnecessary losses.

E-commerce platform

Independent website

<<:  Sky-high shipping prices are expected to cool down! China, the United States and Europe held a global maritime regulatory summit

>>:  European e-commerce industry continues to develop in September, and shopping intentions for fashion products soar

Recommend

What is Euro Elephant Super Large? Euro Elephant Super Large Review, Features

Euro Elephant Oversized (Shenzhen Europa Oversize...

Official price cuts, "follow-selling"? Temu sellers' order volume plummets

Since its launch in North America last September,...

What is money? money Review, Features

money can save on anything from credit cards and ...

Products sold for billions! Shenzhen 3C sellers ranked first in the world

In recent years, as global consumers' demand ...

What is Crowd Cow? Crowd Cow Review, Features

Crowd Cow is an e-commerce platform for group buy...

What is jolt? jolt Review, Features

<span data-docs-delta="[[20,{"gallery"...

43% of Brits strongly regret using Amazon

According to foreign media reports, digital exper...

What is Four Sigmatic? Four Sigmatic Review, Features

Four Sigmatic is a food and beverage brand based ...

Amazon Global Selling's first innovation center in Asia Pacific officially opens

November 8, 2024, Shenzhen - Today, the first inn...

What is Yantian Clipper? Yantian Clipper Review, Features

Yantian Haipai, the seller of this ship, needs to ...

What is Happy School Year? Happy School Year Review, Features

On July 1, 2019, Amazon announced the launch of “...

With monthly sales exceeding 40,000, this brand is on fire!

In the best-selling list of yoga products on Amaz...