January 16 2023

Apparently, New Year's Eve is no time for updates

Apparently, New Year's Eve is no time for updates, especially when online stores on WordPress are actively selling gift cards through the popular YITH WooCommerce Gift Cards Premium plugin.

As it turned out, attackers are no less active: they are scanning the network and exploiting CVE-2022-45359, a critical vulnerability in the plugin rated 9.8 on CVSS, which allows unauthorized users to upload files to vulnerable sites and gain full control over them.

As usual with WordPress, the scale of the threat is large, and the bug in YITH WooCommerce Gift Cards Premium is no exception, since the plugin is used on more than 50,000 sites.

The vulnerability was discovered on November 22 and affects all versions of the plugin up to 3.19.0.

The patch shipped in version 3.20.0, but the vendor has since released version 3.21.0 and now strongly recommends updating to it.

Wordfence researchers report that many sites still run a vulnerable version of the plugin. Attackers have not ignored this and are actively exploiting the bug to upload backdoors, achieve remote code execution (RCE) and hijack other people's sites.

Experts analyzed the exploit used by the attackers and found that the root of the problem lies in the import_actions_from_settings_panel function, which is attached to the admin_init hook.

In addition, this function performs neither CSRF nor capability checks, which ultimately allows POST requests sent to /wp-admin/admin-post.php to upload malicious executable PHP files to the site. In the logs, this shows up as unexpected POST requests from unknown IP addresses.

Wordfence found out that hackers uploaded the following files to vulnerable sites:

• kon.php/1tes.php - loads into memory a copy of the "marijuana shell" file manager from a remote source (shell.prinsh[.]com);
• b.php - a simple loader file;
• admin.php - a password-protected backdoor.
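
The log indicator and the file names described above can be checked against a web server access log with a short script. This is an added example, not code from Wordfence or the plugin vendor; the combined log format, the allowlist of administrator IPs, the request paths and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# File names Wordfence reported on compromised sites (from the list above).
DROPPED_FILES = {"kon.php", "1tes.php", "b.php", "admin.php"}
# Assumption: addresses your administrators are known to use (constructed).
KNOWN_ADMIN_IPS = {"198.51.100.10"}

# Combined Log Format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def scan(lines, known_ips=KNOWN_ADMIN_IPS):
    """Return {ip: [(finding, time), ...]} for the indicators in the article."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] in known_ips:
            continue  # unparseable line, or a known administrator address
        ip, when = m["ip"], m["time"]
        path = m["path"].split("?", 1)[0]  # drop the query string
        # Indicator 1: POST to admin-post.php from an unknown address.
        if m["method"] == "POST" and path.endswith("/wp-admin/admin-post.php"):
            findings[ip].append(("unknown-ip-post-admin-post", when))
        # Indicator 2: a reported file name that the server actually serves.
        name = path.rsplit("/", 1)[-1].lower()
        # /wp-admin/admin.php is a legitimate WordPress core file; skip it.
        legit = name == "admin.php" and path.startswith("/wp-admin/")
        if name in DROPPED_FILES and not legit and m["status"] == "200":
            findings[ip].append(("dropped-file-hit:" + name, when))
    return dict(findings)

# Constructed sample lines (documentation IP ranges; paths are illustrative).
SAMPLE = [
    '198.51.100.10 - - [14/Dec/2022:09:00:01 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Dec/2022:09:02:11 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 200 0 "-" "python-requests/2.28"',
    '203.0.113.7 - - [14/Dec/2022:09:02:13 +0000] "GET /wp-content/uploads/b.php HTTP/1.1" 200 512 "-" "python-requests/2.28"',
    '192.0.2.44 - - [14/Dec/2022:09:05:40 +0000] "GET /wp-admin/admin.php?page=x HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [14/Dec/2022:09:06:02 +0000] "GET /kon.php HTTP/1.1" 404 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE).items():
        print(ip, hits)
```

admin-post.php also receives legitimate form submissions, so a hit is a lead to investigate (especially when followed by a 200 response for one of the listed file names), not proof of compromise.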

Analysts report that most of the attacks occurred in November, before administrators had time to fix the vulnerability, but a second peak of compromises occurred on December 14, 2022.

The attacks continue to this day, so it is necessary to update YITH WooCommerce Gift Cards Premium to version 3.21 as soon as possible.
