Critical Vulnerability in YITH WooCommerce Gift Cards Premium Plugin: Update Now

Tom Grant
Last updated: 5 January

A severe bug has been discovered in the YITH WooCommerce Gift Cards Premium plugin, which is used by over 50,000 websites. The vulnerability allows attackers to gain full control over affected websites.

The YITH WooCommerce Gift Cards Premium plugin enables website administrators to sell gift cards in their online stores. In November, a critical vulnerability (CVE-2022-45359, rated 9.8 on the CVSS scale) was found in the plugin. It allows unauthenticated attackers to upload files to vulnerable websites, including web shells that grant full control over the site.

All versions of the plugin up to 3.19.0 are affected by the vulnerability. A patch was released with version 3.20.0, but the vendor has since released version 3.21.0 and recommends updating to it.

According to cybersecurity firm Wordfence, many websites are still using vulnerable versions of the plugin, and hackers have taken notice. The bug is being actively exploited, with attackers using the vulnerability to upload backdoors, execute remote code, and take over other websites.

The root of the problem lies in the “import_actions_from_settings_panel” function, which is attached to the “admin_init” hook and performs neither a CSRF check nor a capability check. Because “admin_init” also runs for requests to “/wp-admin/admin-post.php” from visitors who are not logged in, a POST request to that endpoint can upload malicious PHP executables to the site.

Exploits have been observed in logs as unexpected POST requests from unknown IP addresses. Wordfence found that attackers have uploaded the following files to vulnerable websites:

  • “php/1tes.php”: loads a copy of the marijuana shell file manager from a remote source (shell.prinsh[.]com) into memory
  • “php”: a simple bootloader file
  • “php”: password-protected backdoor

Most of the attacks occurred in November, before administrators had time to fix the vulnerability, but a second peak of hacks was observed on December 14, 2022. The IP address 103.138.108.15 was a major source of attacks, with 19,604 attempts to hack 10,936 websites, followed by the IP address 188.66.0.135, which launched 1,220 attacks against 928 websites.
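The log pattern described above can be triaged with a short script. This is an added example, not code from Wordfence or the plugin; it assumes the Apache/nginx combined log format, a hypothetical site host `shop.example`, and uses a missing wp-admin Referer as a heuristic for "unexpected" POSTs.

```python
import re
from collections import Counter

# The two source IPs the article reports as responsible for most attempts.
REPORTED_SOURCES = {"103.138.108.15", "188.66.0.135"}

# Apache/nginx "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def suspicious_posts(lines, site_host):
    """Flag POSTs to admin-post.php that come from a reported IP or carry
    no Referer from the site's own wp-admin (a triage heuristic only)."""
    own_admin = re.compile(r'^https?://' + re.escape(site_host) + r'/wp-admin/')
    hits, per_ip = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore the query string when matching the endpoint.
        if m["path"].split("?", 1)[0] != "/wp-admin/admin-post.php":
            continue
        reported = m["ip"] in REPORTED_SOURCES
        if reported or not own_admin.match(m["referer"]):
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "status": m["status"], "reported_source": reported})
            per_ip[m["ip"]] += 1
    return hits, per_ip

# Constructed sample lines: shop.example and the 198.51.100.x / 203.0.113.x
# addresses are placeholders; only 103.138.108.15 comes from the article.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Dec/2022:10:01:02 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://shop.example/wp-admin/admin.php?page=settings" "Mozilla/5.0"',
    '103.138.108.15 - - [14/Dec/2022:10:02:11 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 200 0 "-" "python-requests/2.28"',
    '203.0.113.44 - - [14/Dec/2022:10:03:30 +0000] "POST /wp-admin/admin-post.php?x=1 HTTP/1.1" 200 0 "-" "curl/7.85"',
    '203.0.113.44 - - [14/Dec/2022:10:03:31 +0000] "GET /wp-admin/admin-post.php HTTP/1.1" 200 0 "-" "curl/7.85"',
    '198.51.100.7 - - [14/Dec/2022:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://shop.example/wp-login.php" "Mozilla/5.0"',
    '103.138.108.15 - - [14/Dec/2022:10:05:45 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 200 0 "-" "python-requests/2.28"',
]

if __name__ == "__main__":
    hits, per_ip = suspicious_posts(SAMPLE_LOG, "shop.example")
    for ip, n in per_ip.most_common():
        print(f"{ip}: {n} suspicious POST(s)")
```

The Referer header is client-supplied, so a request that passes this filter is not thereby cleared; flagged entries are a starting point for checking the site for unexpected PHP files created around the same timestamps.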

As the attacks are still ongoing, experts recommend updating YITH WooCommerce Gift Cards Premium to version 3.21 as soon as possible.

TAGGED: PoC, Software, WooCommerce
Tom Grant January 5, 2023 January 4, 2023