Remote code execution in WooCommerce plugin for WordPress

Published: 2018-11-07 14:42:45
Severity High
Patch available YES
Number of vulnerabilities 1
CVE ID N/A
CVSSv3 7.9 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Network
Public exploit Not available
Vulnerable software WooCommerce
Vulnerable software versions WooCommerce 3.4.5
WooCommerce 3.4.4
WooCommerce 3.4.3
Show more
Vendor URL WooCommerce

Security Advisory

1) Arbitrary file deletion

Description

The vulnerability allows a remote attacker with Shop Manager privileges to execute arbitrary code on the target system.

The weakness exists due to file deletion vulnerability in the plugin's log deletion functionality that Shop Manager have access. A remote attacker can use a design flaw in the WordPress permission system to gain Shop Manager privileges, escape out of the expected folder by adding to the passed argument, take over any administrator account and then execute code on the server.

Remediation

Update to version 3.4.6.

External links

https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/

Back to List