Security Expert Re: WooCommerce Fixes Vulnerability Exposing 5 Million Sites To Data Theft

BACKGROUND:

WooCommerce, the popular e-commerce plugin for the WordPress content management system, has been updated to patch a serious SQL injection vulnerability that could be exploited without authentication. WooCommerce is installed on more than 5 million websites globally.

1 Expert Comment
Pravin Madhani, Co-founder and CEO, InfoSec Expert
July 16, 2021 11:09 am

The discovery of a new SQL injection (SQLi) vulnerability in WooCommerce is a good reminder to check on the security and to update programs used with WordPress (in addition to checking on and updating WordPress itself). SQLi vulnerabilities are part of the OWASP Top 10 Web Application Risks, and well known, so it's a surprise these vulnerabilities aren't discovered during application development. This means it's more important than ever to have runtime application security for WordPress and software that works with WordPress.

Runtime application security provides protection for well-known problems like zero-day attacks and the OWASP Top 10. Additional support indicating the importance of runtime application security came in late 2020, when NIST SP 800-53 (https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final) was published. The revised security and privacy framework included two major updates that offer insights into how security pros can improve their application security. The new framework includes requirements for both runtime application self-protection (RASP) and interactive application security testing (IAST).

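The comment above treats SQL injection as a well-known bug class that should be caught during development. The following added example (it is not code from the page, from WooCommerce or from the commenter) shows the pattern concretely on a constructed in-memory SQLite database: an unauthenticated "product search" that splices the search term into SQL, a constructed UNION payload that reads a private customers table through it (the data-theft outcome the headline refers to), and the parameterised version of the same query, which treats the payload as plain data. The table names, rows and payload are all constructed for the demo; the real WooCommerce code and the actual injection point are not reproduced here.

```python
"""
Added example, not code from the page or from WooCommerce: a minimal
SQLite-backed product search that shows how an unauthenticated SQL
injection turns into data theft, beside the parameterised query that
fixes it. Table names, rows and the payload are constructed for the demo.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create an in-memory store with a public products table and a
    private customers table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL)")
    cur.execute("CREATE TABLE customers (id INTEGER, email TEXT, pw_hash TEXT)")
    cur.executemany("INSERT INTO products VALUES (?, ?, ?)",
                    [(1, "mug", 9.5), (2, "shirt", 19.0)])
    cur.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                    [(1, "alice@example.com", "hash-a"),
                     (2, "bob@example.com", "hash-b")])
    conn.commit()
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str):
    """Vulnerable: the caller-controlled term is spliced into the SQL
    text, so a crafted term rewrites the statement (classic SQLi)."""
    sql = f"SELECT name, price FROM products WHERE name LIKE '%{term}%'"
    return conn.execute(sql).fetchall()


def search_fixed(conn: sqlite3.Connection, term: str):
    """Hardened: the term is bound as a parameter, so the driver sends it
    as data, never as SQL, whatever characters it contains. WordPress
    plugin code gets the same effect with $wpdb->prepare() placeholders."""
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return conn.execute(sql, (f"%{term}%",)).fetchall()


# Constructed payload: closes the quoted LIKE pattern, appends a UNION that
# reads the customers table, and comments out the trailing "%'" the
# vulnerable query would otherwise leave dangling.
PAYLOAD = "x%' UNION SELECT email, pw_hash FROM customers -- "


def demo():
    """Run the same payload through both search functions.

    Returns (rows from the vulnerable search, rows from the fixed search).
    The first contains every customer row; the second is empty, because
    no product name contains the payload text."""
    conn = build_db()
    return search_vulnerable(conn, PAYLOAD), search_fixed(conn, PAYLOAD)


if __name__ == "__main__":
    stolen, safe = demo()
    print("vulnerable search leaked:", stolen)
    print("parameterised search returned:", safe)
```

Both functions behave identically on benign input such as "mug"; the difference only appears when the input carries SQL syntax, which is why this class of bug survives functional testing and why the commenter's point about catching it in development (code review or a static check for string-built queries) matters.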