Insufficient Privilege Validation in WooCommerce Checkout Manager

Insufficient Privilege Validation in WooCommerce Checkout ManagerDue to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting over 60,000 sites. If you are using this plugin, we recommend that you update it to version 4.3 immediately.

As we’ve seen some exploit attempts occurring in the wild, we feel it is a good time to describe what the issue is.

Current State of the Vulnerability

This arbitrary file upload vulnerability was made public a few weeks ago and has recently been patched.

Continue reading Insufficient Privilege Validation in WooCommerce Checkout Manager at Sucuri Blog.

Source: Scuri check