FreshRSS

New Magecart Campaign Alters 404 Error Pages to Steal Shoppers' Credit Cards

By Newsroom
A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to large organizations in the food and retail industries. "In this campaign, all the victim websites we

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

By THN
Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an

Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin

By Ravie Lakshmanan
A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which shipped on May 30, 2023. WooCommerce Stripe Gateway allows e-commerce websites to directly accept

WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!

By Paul Ducklin
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.

Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

By Ravie Lakshmanan
Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1. Put differently, the issue could permit