Security Expert Re: WooCommerce Fixes Vulnerability Exposing 5 Million Sites To Data Theft

BACKGROUND:

WooCommerce, the popular e-commerce plugin for the WordPress content management system, has been updated to patch a serious vulnerability that could be exploited without authentication. WooCommerce is installed on more than 5 million websites globally.

Experts Comments

July 16, 2021
Pravin Madhani
Co-founder and CEO
K2 Cyber Security

The discovery of a new SQL injection (SQLi) vulnerability in WooCommerce is a good reminder to check on the security and to update programs used with WordPress (in addition to checking on and updating WordPress itself).  SQLi vulnerabilities are part of the OWASP Top 10 Web Application Risks, and well known, so it’s a surprise these vulnerabilities aren’t discovered during application development.  This means it’s more important than ever to have runtime application security for WordPress and software that works with WordPress.

Runtime application security provides protection for well-known problems like zero day attacks and the OWASP Top 10.  Additional support indicating the importance of runtime application security came in late 2020, when NIST SP 800-53 was published.  The revised security and privacy framework included two major updates that offer insights into how security pros can improve their application security. The new framework includes requirements for both runtime application self-protection (RASP) and interactive application security testing (IAST).

  
