Hackers are exploiting a well-known gift card plugin in WordPress – YITH WooCommerce Gift Cards Premium, that would let them perform various scams through legitimate sites.
The plugin was installed in over 50,000 WordPress sites, offering a large scope big for scammers. Though there’s a patch available from the plug-in maker, it’s the website admins who need to apply this and stay secure.
Unauthenticated Access to WordPress Sites
Last month, researchers discovered a critical bug in the YITH WooCommerce Gift Cards Premium plugin that’s been installed in over 50,000 WordPress sites till now. It’s used by website operators to sell gift cards in their online stores and needs authentication to post any new updates.
But, a vulnerability tracked as CVE-2022-45359 allows unauthenticated people to remotely upload files to the connected sites and manage them with near-admin access! Researchers noted that hackers could set web shells (like backdoors) to provide themselves with full access to the vulnerable site.
The bug was disclosed publicly on November 22, 2022, with a severity score of 9.8/10. Hackers have already devised a working exploit for this and have been attacking vulnerable sites since then. Observing the rise of such attacks, the maker of the plug-in has released a patched version, 3.21.0, and asked users to update it.
Yet, we see a number of sites still running on the insecure 3.19 and 3.20 versions of this plugin, keeping them at risk. Analyzing the ongoing cyberattacks, Wordfence researchers noted that malicious requests appearing on logs as unexpected POST requests from unknown IP addresses should be considered as infection – where the site admins should react immediately.
Most attacks occurred in November before admins could patch the flaw, while a new peak was discovered on December 14, 2022. As they continue to happen, site admins are advised to update their YITH WooCommerce Gift Cards Premium plug-in to v3.21.0 for good.