"WooCommerce Bug Exploited in Targeted WordPress Attacks"

Security researchers at Wordfence have recorded over one million attempts to compromise a popular WordPress plugin over the past few days. The researchers stated that the attacks began on July 14 and continued over the weekend, peaking at 1.3 million attacks against 157,000 sites on July 16. The attacks exploit a critical vulnerability in the WooCommerce Payments plugin (CVE-2023-28121), which has a CVSS score of 9.8. WooCommerce Payments enables users to accept card payments in WooCommerce-powered online stores and is said to have around 600,000 installations. If exploited, the vulnerability enables an unauthenticated remote attacker to impersonate an administrator and take control of an affected WordPress site. The researchers stated that they have seen threat actors use those admin privileges to remotely install the WP Console plugin on victim sites; once WP Console is installed, the attackers use it to execute malicious code and drop a file uploader in order to establish persistence. Although the number of recorded attack attempts exceeded one million, the researchers described the campaign as relatively targeted: unlike many other large-scale campaigns, which typically attack millions of sites indiscriminately, this one appears to be aimed at a smaller set of websites. The WooCommerce Payments vulnerability was patched by its developers on March 23 in version 5.6.2. It affects versions 4.8.0 and higher.
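As an added example (not part of the Infosecurity or Wordfence reporting), the following Python triage helper turns the two actionable facts in the summary into a check a site owner or responder can run against a plugin inventory: whether the installed WooCommerce Payments version falls in the affected range (4.8.0 up to, but not including, the 5.6.2 fix), and whether the WP Console plugin the attackers are reported to install is present. The plugin slugs `woocommerce-payments` and `wp-console`, and the inventory dictionary format, are assumptions for illustration; the sample inventory is constructed.

```python
"""Triage helper for the WooCommerce Payments (CVE-2023-28121) campaign.

Added example; not code from Wordfence, WooCommerce or the article.
Version bounds come from the summary above: affected >= 4.8.0, fixed in 5.6.2.
Plugin slugs are assumed; adjust them to match your own inventory export.
"""
from typing import Dict, List, Tuple

VULN_START = (4, 8, 0)   # first affected version (from the summary)
PATCHED_IN = (5, 6, 2)   # version that carries the fix (from the summary)

WCPAY_SLUG = "woocommerce-payments"   # assumed slug for WooCommerce Payments
WPCONSOLE_SLUG = "wp-console"         # assumed slug for WP Console


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn a dotted plugin version such as '5.6.1' or '5.6.2-rc1' into a
    comparable (major, minor, patch) tuple. Non-numeric suffixes on a
    component are dropped; missing components are treated as 0."""
    nums: List[int] = []
    for part in version.strip().split("."):
        digits = ""
        for ch in part:
            if ch.isdigit():
                digits += ch
            else:
                break                     # stop at '-rc1', 'beta', etc.
        nums.append(int(digits) if digits else 0)
    while len(nums) < 3:
        nums.append(0)
    return (nums[0], nums[1], nums[2])


def wcpay_is_vulnerable(version: str) -> bool:
    """True when the installed version is in [4.8.0, 5.6.2)."""
    return VULN_START <= parse_version(version) < PATCHED_IN


def triage_site(plugins: Dict[str, str]) -> List[str]:
    """Given {plugin_slug: installed_version}, return a list of findings
    relevant to this campaign. An empty list means nothing to act on."""
    findings: List[str] = []

    wcpay_version = plugins.get(WCPAY_SLUG)
    if wcpay_version is not None and wcpay_is_vulnerable(wcpay_version):
        findings.append(
            f"{WCPAY_SLUG} {wcpay_version} is in the affected range "
            f"(>= 4.8.0, < 5.6.2); update to 5.6.2 or later."
        )

    # The summary reports attackers installing WP Console after gaining
    # admin access. Its presence on a store that never needed it is a
    # signal to review admin accounts and recently added files.
    if WPCONSOLE_SLUG in plugins:
        findings.append(
            f"{WPCONSOLE_SLUG} is installed; confirm it was added "
            f"deliberately, then review administrator accounts and "
            f"recently uploaded files for a dropped file uploader."
        )
    return findings


# Constructed sample inventory: one store that is both unpatched and shows
# the post-exploitation indicator, and one that is up to date.
SAMPLE_INVENTORY = {
    "store-a.example": {WCPAY_SLUG: "5.6.1", WPCONSOLE_SLUG: "1.5.0",
                        "woocommerce": "7.8.0"},
    "store-b.example": {WCPAY_SLUG: "5.9.0", "woocommerce": "7.8.0"},
}


def triage_inventory(inventory: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Run triage_site over every host and keep only hosts with findings."""
    return {host: f for host, f in
            ((h, triage_site(p)) for h, p in inventory.items()) if f}


if __name__ == "__main__":
    for host, findings in triage_inventory(SAMPLE_INVENTORY).items():
        print(host)
        for line in findings:
            print("  -", line)
```

Run as a script it prints the two findings for `store-a.example` and nothing for `store-b.example`. Feed it the output of your own plugin inventory (for example from a site-management tool's export) instead of the constructed sample to apply it across a fleet.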


Infosecurity reports: "WooCommerce Bug Exploited in Targeted WordPress Attacks"
