In late November, security researchers found a critical vulnerability in Yith’s WooCommerce Gift Cards plugin. Attackers can gain remote code execution through the vulnerability, identified as CVE-2022-45359 (CVSS score: 9.8), and ultimately take over WordPress websites.
The Yith WooCommerce Gift Cards plugin, which has over 50,000 downloads, enables e-commerce sites to generate gift cards that their customers can buy for others.
How Does CVE-2022-45359 Affect WordPress Sites?
The vulnerability affects WordPress sites that use the plugin’s version 3.19.0 or earlier.
The CVE-2022-45359 vulnerability allows unauthenticated attackers to upload executables to vulnerable e-commerce websites, as well as install backdoors, obtain remote code execution, and take control of the website for further compromise.
The vulnerability was discovered in an import function (import_actions_from_settings_panel) that runs on the admin_init hook, which fires on every page in the /wp-admin/ directory.
Because the affected function performs neither a CSRF (cross-site request forgery) check nor a capability check, an attacker could trigger it by sending crafted requests to the wp-admin/admin-post.php endpoint with particular parameters and payloads. Since the function also does not validate file types, attackers are free to upload any file type, including PHP executable files.
Apply Fixed Updates to Prevent Attacks
The vulnerability has been exploited in attacks, with the following IP addresses accounting for the vast majority of exploitation attempts:
Site administrators can detect an attack by inspecting their logs for POST requests to wp-admin/admin-post.php. See additional indicators of compromise (IOCs) here.
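As an added illustration of the log check described above (not code from the original post or from SOCRadar), the following script scans Apache/nginx combined-format access log lines for POST requests to wp-admin/admin-post.php and tallies them per source address. The log lines are constructed samples using documentation-range IPs, not traffic from the incident.

```python
import re
from collections import Counter

# Apache/nginx combined log format: ip - - [time] "METHOD path HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# The endpoint the advisory tells administrators to look for
TARGET = "/wp-admin/admin-post.php"

# Constructed sample log lines (documentation IP ranges, not real attacker addresses)
SAMPLE_LOG = """\
203.0.113.10 - - [27/Nov/2022:10:01:02 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 200 512
203.0.113.10 - - [27/Nov/2022:10:01:03 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0
198.51.100.7 - - [27/Nov/2022:10:02:10 +0000] "GET /wp-admin/admin-post.php?action=foo HTTP/1.1" 200 100
192.0.2.5 - - [27/Nov/2022:10:03:00 +0000] "POST /wp-admin/admin-post.php?action=bar HTTP/1.1" 200 400
203.0.113.10 - - [27/Nov/2022:10:03:30 +0000] "GET /shop/ HTTP/1.1" 200 9000
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_admin_post_posts(log_text):
    """Return parsed entries for POST requests to admin-post.php (query string ignored)."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        path = entry["path"].split("?", 1)[0]
        if entry["method"] == "POST" and path == TARGET:
            hits.append(entry)
    return hits


def source_counts(hits):
    """Count matching requests per source IP so noisy sources stand out."""
    return Counter(entry["ip"] for entry in hits)


if __name__ == "__main__":
    for ip, n in source_counts(find_admin_post_posts(SAMPLE_LOG)).most_common():
        print(f"{ip}: {n} POST request(s) to {TARGET}")
```

Legitimate logged-in administrator actions also POST to this endpoint, so treat hits as leads to correlate with newly created PHP files on the site rather than as confirmation of compromise.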
Users of the WooCommerce Gift Cards plugin must update to version 3.20.0 or higher to avoid the vulnerability.
Better Prioritize Patches With SOCRadar
After fully compromising an e-commerce store, an attacker may try to scam its customers, causing business disruption, financial damage, and loss of customer trust.
Protect your brand with SOCRadar’s External Attack Surface Management (EASM), which can help identify vulnerabilities that put your digital assets at risk and warn you before any consequences arise, allowing you to manage actions and prioritize updates.