A researcher at RIPS Technologies GmbH, Simon Scannell, detected and reported a file deletion vulnerability in WooCommerce, a very popular WordPress plugin for e-shops, that allows shop managers to delete certain files and then take over any administrator account.
This vulnerability was fixed in version 3.4.6, released on October 11, 2018. If you have already updated to version 3.4.6 or later, your job is done. If you haven't updated yet, download the latest release or go to your dashboard > Updates to apply the update.
If you are subscribed to our Managed WordPress Hosting automatic updates, this patch would have been applied automatically for you.
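To act on the advice above without guessing, here is an added shell check (example code written for this page, not code from WooCommerce, WordPress or the original post). It compares a WooCommerce version against 3.4.6 with a proper component-wise comparison, so 3.4.10 and 3.5 are correctly recognised as newer. The installed version is read with WP-CLI's `wp plugin get woocommerce --field=version`, which assumes WP-CLI is installed and the script is run from the WordPress root; alternatively a version string can be passed on the command line. The file name woo_check.sh is an assumption used only to decide whether the check runs when executed.

```shell
#!/bin/sh
# woo_check.sh: added example for this post, not code from WooCommerce or WordPress.
# Reports whether a WooCommerce version already carries the fix that shipped in
# 3.4.6. The version is read with WP-CLI (assumed installed, run from the
# WordPress root) or passed as the first argument.

FIXED_VERSION="3.4.6"

# version_ge A B: exit 0 when dotted version A is greater than or equal to B.
# Components are compared numerically left to right, so 3.4.10 > 3.4.6 and
# 3.5 > 3.4.6; a missing component counts as 0 (3.4 is 3.4.0, below 3.4.6).
version_ge() {
    left=$1
    right=$2
    while [ -n "$left" ] || [ -n "$right" ]; do
        a=${left%%.*}
        b=${right%%.*}
        # drop the component just consumed; an exhausted side becomes empty
        case $left in *.*) left=${left#*.} ;; *) left= ;; esac
        case $right in *.*) right=${right#*.} ;; *) right= ;; esac
        a=${a:-0}
        b=${b:-0}
        if [ "$a" -gt "$b" ]; then
            return 0
        fi
        if [ "$a" -lt "$b" ]; then
            return 1
        fi
    done
    return 0
}

# woo_is_patched VERSION: exit 0 when VERSION includes the 3.4.6 fix.
# Anything from the first character that is not a digit or a dot (for example
# a "-rc1" suffix) is cut off before comparing, so a 3.4.6 pre-release counts
# as 3.4.6; when in doubt about a pre-release, update anyway.
woo_is_patched() {
    version_ge "${1%%[!0-9.]*}" "$FIXED_VERSION"
}

# Read the installed version with WP-CLI (https://wp-cli.org). Assumes WP-CLI
# is installed and the script runs from the WordPress root.
installed_woocommerce_version() {
    wp plugin get woocommerce --field=version 2>/dev/null
}

# main [VERSION]: check the given version, or the installed one when omitted.
# Exit status: 0 patched, 1 vulnerable, 2 version could not be determined.
main() {
    if [ -n "${1:-}" ]; then
        v=$1
    else
        v=$(installed_woocommerce_version) || v=
        if [ -z "$v" ]; then
            echo "could not read the WooCommerce version (is WP-CLI installed and is this the WordPress root?)" >&2
            return 2
        fi
    fi
    if woo_is_patched "$v"; then
        echo "WooCommerce $v already includes the 3.4.6 fix"
        return 0
    fi
    echo "WooCommerce $v is vulnerable: update to 3.4.6 or later"
    return 1
}

# Run the check when executed as a script; sourcing the file only defines the functions.
case $0 in
    *woo_check.sh) main "$@" ;;
esac
```

Run it as `sh woo_check.sh` on the server to check the live installation, or `sh woo_check.sh 3.4.5` to test a version string you already have; the exit status (0 patched, 1 vulnerable, 2 unknown) makes it usable from a monitoring job. The component-wise comparison is there because a plain string comparison would rank 3.4.10 below 3.4.6 and report a fixed site as vulnerable.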
Details of this Vulnerability
Although the patch is specific to WooCommerce, the bug exposes a design weakness in how WordPress handles privileges. A role's capabilities are stored persistently, and a plugin that grants a role broad capabilities usually also has to add the code that keeps them in check; once that plugin's code stops running, the restriction is gone while the capabilities remain. That is what lets an attacker turn a file deletion into an administrator takeover and, from there, into remote code execution.
In plain language: if someone gains control of a shop manager account (for example through an XSS vulnerability or a phishing attack), this vulnerability lets them take over any administrator account and then run whatever code they like to compromise the WordPress installation further.
While any vulnerability should be patched promptly, the mitigating factor here is that exploitation requires a shop manager account; an anonymous visitor to the shop cannot trigger it on their own.
What is WooCommerce?
WooCommerce is an open-source e-commerce plugin for WordPress. It provides a very scalable and flexible solution that lets you sell basically anything you offer, with shipping and payment integrations as well.