SB2020022803 - Embedded malicious code (backdoor) in wpdefault plugin for WordPress
Published: February 28, 2020
Security Bulletin ID
SB2020022803
Severity
High
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Embedded malicious code (backdoor) (CVE-ID: N/A)
The vulnerability allows a remote attacker to skim payment data from Woocommerce stores.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) within the "wpdefault.php" file that allows a remote attacker to gain unauthorized access to the application.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.