Main Vulnerability Database SB2018110711

SB2018110711 - Remote code execution in WooCommerce plugin for WordPress

Published: November 7, 2018

Security Bulletin ID SB2018110711

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Arbitrary file deletion (CVE-ID: N/A)

The vulnerability allows a remote attacker with Shop Manager privileges to execute arbitrary code on the target system.

The weakness exists due to file deletion vulnerability in the plugin's log deletion functionality that Shop Manager have access. A remote attacker can use a design flaw in the WordPress permission system to gain Shop Manager privileges, escape out of the expected folder by adding to the passed argument, take over any administrator account and then execute code on the server.

Remediation

Install update from vendor's website.

References

https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/