By Gagandeep Singh
25-Dec-2022
Attackers are exploiting a critical flaw in the YITH WooCommerce Gift Cards Premium plugin.
YITH WooCommerce Gift Cards Premium is a plugin that website owners use to sell gift cards in their online stores; it is used on more than 50K websites.
The exploited vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), allows attackers to upload files, including web shells, to affected websites.
The web shells give full access to the website. CVE-2022-45359 affects all versions of the plugin up to v3.19.0.
The critical flaw was addressed in v3.20.0, but many site owners have not upgraded to the latest version and are still running vulnerable versions.
Exploitation is already underway, with attackers using the vulnerability to obtain code execution, plant backdoors on the website, and launch takeover attacks.
Researchers at Wordfence reverse-engineered an exploit and said that the vulnerability was in the plugin's “import_actions_from_settings_panel” function.
The experts at Wordfence believe that most of the attacks happened in November and then in December, before the plugin author could patch it.