WordPress plugin has been exploited in the wild to mount backdoors

Threat Advisories

WordPress plugin has been exploited in the wild to mount backdoors

Threat Level
Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

Malicious actors are actively exploiting a critical vulnerability in the YITH WooCommerce Gift Cards Premium WordPress plugin in order to plant backdoors on e-Commerce sites. The security flaw (CVE-2022-45359) exists due to the “import actions from settings panel” function, which runs on the “admin init” hook. Additionally, this function does not perform capability and CSRF checks, allowing unauthenticated attackers to upload files to vulnerable sites, including web shells that provide full site access. Over 50,000 websites continue to use vulnerable versions of the plugin, enabling threat actors to exploit the bug and plant a backdoor to perform remote code execution attacks.