Ten WordPress plugins for WooCommerce identified as vulnerable

All vulnerable plugins designed to work alongside with WooCommerce so there is threat to all online stores powered by WooCommerce and one of these plugins.. Add Social Share Messenger Buttons Whatsapp and Viber Cross-site Request Forgery. Advance Search for WooCommerce Stored Cross-site scripting. Mass Pages Posts Creator Authenticated Stored Cross-Site scripting.  WooCommerce Checkout For Digital Goods Cross-site request forgery.  WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking Cross-site request forgery and Stored Cross-site scripting.  WooCommerce Product Attachment Authenticated stored Cross-site scripting. By hackers to upload keyloggers, We found Stored Cross-Site Scripting, Cross-Site Request Forgery and SQL Injection vulnerabilities that could be exploited, shells, crypto miners and other software or completely deface the website.. The worst part of this situation that forced us to send report to WordPress team is that all these plugins made to work only with WooCommerce. According to WordPress org plugin repository, there are over 19,400 active installs of these plugins and it means that there is bunch of vulnerable e-shops out there..  Read more