Protect Your WooCommerce Store: Order Export & Import Plugin Vulnerability Discovered

CVSS v3.1 score: 8

A critical vulnerability has been discovered in the Order Export & Import for WooCommerce plugin that could allow attackers to compromise WooCommerce stores.

The vulnerability, tracked as CVE-2024-22135, has a CVSS score of 8 because it allows unrestricted upload of dangerous file types. Attackers could use it to upload malicious files such as PHP scripts or databases.

Order Export & Import for WooCommerce is a plugin that allows users to export and import orders from their WooCommerce store. However, versions 2.4.3 and below fail to properly restrict what file types can be uploaded. This opens the door for attackers to upload files that could take over the server or website.

If exploited, attackers could gain administrative access and full control over the store. They could then steal customer data, install malware, or scrape the website for other sensitive information.

All users of Order Export & Import for WooCommerce should update to version 2.4.4 or higher immediately. This fixes the file upload vulnerability. Store owners should also audit the server for any signs of compromise and make sure all plugins and themes are up to date. Enabling two-factor authentication is also recommended.
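As a starting point for that audit, the following added example (not code from the plugin or its vendor) reads the installed version from a plugin's header comment, compares it with the fixed release 2.4.4, and lists files in an uploads tree that carry a script extension. The file paths are supplied by the operator, the extension list is an assumption, and the sample files are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = (2, 4, 4)  # first fixed release named in the advisory
# Assumed list of extensions a PHP handler may execute; match it to your server config.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}

def plugin_version(main_file):
    """Read the 'Version:' field from a WordPress plugin header comment."""
    head = Path(main_file).read_text(encoding="utf-8", errors="replace")[:8192]
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", head, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """True for anything below 2.4.4; pads so (2, 4) compares as (2, 4, 0)."""
    padded = tuple(version) + (0,) * (3 - len(version))
    return padded < FIXED_VERSION

def suspicious_uploads(root):
    """List files under root with a script extension anywhere in the name.
    Every suffix is checked, so 'invoice.php.csv' and 'report.PHP' both match."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and {s.lower() for s in path.suffixes} & SCRIPT_EXTS:
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)

def constructed_demo(base):
    """Build a constructed plugin file and uploads tree under base, then audit them."""
    base = Path(base)
    (base / "plugin.php").write_text("<?php\n/*\n * Plugin Name: Sample\n * Version: 2.4.3\n */\n")
    up = base / "uploads" / "2024"
    up.mkdir(parents=True)
    for name in ("orders.csv", "report.PHP", "invoice.php.csv"):
        (up / name).write_text("constructed sample\n")
    v = plugin_version(base / "plugin.php")
    return v, is_vulnerable(v), suspicious_uploads(base / "uploads")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(constructed_demo(d))
```

Matches need manual review rather than automatic deletion, since some plugins place harmless placeholder `index.php` files in upload directories.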

By taking quick action to update the vulnerable plugin, WooCommerce merchants can protect their stores and customers from this critical security risk. Keeping software updated is one of the best ways to stay ahead of attackers.