WooCommerce, the popular e-commerce plugin for the WordPress content management system, has been updated to patch a serious vulnerability that could be exploited without authentication. WooCommerce is installed on more than 5 million websites globally.
<p>The discovery of a new SQL injection (SQLi) vulnerability in WooCommerce is a good reminder to review the security of, and update, the plugins and other programs used with WordPress (in addition to reviewing and updating WordPress itself). SQLi vulnerabilities are listed in the OWASP Top 10 Web Application Security Risks and are well understood, so it is surprising that they are still not caught during application development. This makes it more important than ever to have runtime application security for WordPress and for the software that works with it.</p>
<p>Runtime application security provides protection against well-known problem classes such as the OWASP Top 10 as well as against zero-day attacks. Further support for the importance of runtime application security came in late 2020, when <a href="https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final">NIST SP 800-53</a> was published. The revised security and privacy framework included two major updates that offer insight into how security professionals can improve their application security: the new framework includes requirements for both runtime application self-protection (RASP) and interactive application security testing (IAST).</p>