Product Import Export for WooCommerce Plugin Vulnerability – Update Now!

CVECVE-2024-22152
CVSScvssV3_1: 8
SourceCVE-2024-22152

The Product Import Export for WooCommerce plugin, which is used for importing and exporting product data in WooCommerce powered websites, contains a vulnerability that allows attackers to upload malicious files.

The vulnerability tracked as CVE-2024-22152 has a CVSS score of 8, which means it is considered highly critical. Attackers can exploit this issue by uploading files of dangerous types, like PHP files, that can then be executed on the server to install malware or steal data.

The vulnerability exists in versions from an unknown version up to and including 2.3.7 of the Product Import Export for WooCommerce plugin. This plugin is used by many online stores to manage and sync product catalog and inventory data.

If you use this plugin, you should immediately update to the latest version. Version 2.3.8 and above have fixes for this file upload vulnerability. You should also check your server for any signs of compromise from this issue.

To stay protected, always keep your plugins and WordPress core updated to the latest versions. Review your server configurations and restrict file uploads to safe file types only. Use a security plugin to scan for vulnerabilities regularly.

References