WooCommerce Vulnerabilities APR 2022
This post collects the WooCommerce-related vulnerabilities that were identified and publicly reported in April 2022. Left unpatched, these issues are open to exploitation, and a successful attack can severely affect both your ability to recover and the future of your business. Contact us for a WooCommerce security audit.
An estimated 5,552,000+ active installations of WordPress e-shop plugins are affected by the WooCommerce vulnerabilities reported in April 2022, roughly a 560% increase over last month's figure. The real number is likely higher, because premium and closed-source versions are private purchases and their installation counts are not published.
If you run an online shop, pay attention: WooCommerce is the component through which a security incident hits your customers directly. In this post we list the latest WooCommerce vulnerabilities so you can protect your shop from revenue loss and the backlash of angry shoppers. The following cases were made public last month in the WooCommerce Vulnerabilities APR 2022 category (active installation counts are those published on wordpress.org at the time of writing; "closed" notices are wordpress.org's own):
- FiboSearch – Ajax Search for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 100,000+
- WooCommerce Pixel Manager – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 40,000+
- Premmerce Permalink Manager for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 40,000+
- StoreCustomizer – WooCommerce plugin to Customize all WooCommerce Pages – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 30,000+
- Royal Elementor Addons (Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates) – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 20,000+
- WooCommerce Tiered Price Table – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 3,000+
- Product Customer List for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 10,000+
- Store Toolkit for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 3,000+
- Hide Shipping Method For WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 10,000+
- Product Size Charts Plugin for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 10,000+
- Authorize.Net Payment Gateway For WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 10,000+
- Flat Rate Shipping Plugin For WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 3,000+
- Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimization (image SEO) + Woocommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 10,000+
- XT Floating Cart for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 9,000+
- WooCommerce EU VAT Assistant – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 9,000+
- HuCommerce | Magyar WooCommerce kiegészítések – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 8,000+
- Remove Add to Cart WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 8,000+
- Thanks Redirect for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 8,000+
- Digital Goods for WooCommerce Checkout – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 7,000+
- Extra Fees Plugin for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 6,000+
- Product Attachment for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 6,000+
- WooCommerce Bulk Edit Products – WP Sheet Editor – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 6,000+
- License Manager for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 5,000+
- Premmerce Brands for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 5,000+
- Custom WooCommerce Checkout Fields Editor – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 5,000+
- Premmerce SEO for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 5,000+
- Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 6,000+
- WooCommerce – Country Based Payments – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 5,000+
- WooCommerce Banner and Carousel Slider for Category, Page – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 5,000+
- Premmerce Product Filter for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 4,000+
- Shipping Method Display Style for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 4,000+
- Agy – Age verification for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 4,000+
- Product Options and Price Calculation Formulas for WooCommerce – Uni CPO – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 3,000+
- Chat Button – Leads and Order over Chat – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 3,000+
- Spanish Market Enhancements for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 3,000+
- CartPops – High Converting Add To Cart Popup For WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 2,000+
- Fraud Prevention Plugin for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 2,000+
- Booking Addon for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 2,000+
- Enhanced Ecommerce Google Analytics for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 2,000+
- Bulk WooCommerce Category Creator – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 2,000+
- Premmerce Product Search for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 2,000+
- Pay For Post with WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 2,000+
- WooCommerce upcoming Products – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 2,000+
- Smart Variations Images & Swatches for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 2,000+
- annasta Woocommerce Product Filters – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- Local Delivery Drivers for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- WooBuddy -> WooCommerce BuddyPress Integration – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- Change Price Title for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- WooCommerce Dynamic Pricing and Discount Rules – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- XT Variation Swatches for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- Bulk Auto Image Title Attribute (Image Title tag) optimization (Image SEO) + Woocommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- WooCommerce Disable Payment Methods based on cart conditions – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- WooCommerce Affiliate Plugin – Coupon Affiliates – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
- WooCommerce Affiliate Plugin – Coupon Affiliates – Unauthenticated Stored Cross-Site Scripting (XSS)
  - Active installations: 1,000+
- Premmerce WooCommerce Customers Manager – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- Woocommerce Customers Order History – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- Premmerce Wholesale Pricing for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- Dreamfox Media Payment gateway per Product for Woocommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- Featured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin) – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- APIExperts Square for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- Add Tiktok Pixel for Tiktok ads (+Woocommerce) – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 1,000+
- WooCommerce PayPlug – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 900+
- Product Carousel For WooCommerce – WoorouSell – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 800+
- Commerce Coinbase For WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 800+
- Wholesale For WooCommerce Lite – B2B & B2C Solution – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 700+
- Premmerce Wishlist for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 700+
- Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce) – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 700+
- Premmerce Multi-currency for Woocommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 600+
- Fast Checkout for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 600+
- Location Picker at Checkout for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 500+
- Dreamfox Media Shipping gateway per Product for Woocommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 500+
- Auto SEO META keywords (META tags keywords) optimization + WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 500+
- Premmerce Variation Swatches for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 500+
- ACF for WooCommerce Product – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 500+
- Really Simple Featured Video – Featured video support for Posts, Pages & WooCommerce Products – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 500+
- Product Author for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 500+
- WooCommerce Bulk Edit Coupons – WP Sheet Editor – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 400+
- AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 400+
- Ether and ERC20 tokens WooCommerce Payment Gateway – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 400+
- WUPO Group Attributes for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 300+
- Gift Message for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 300+
- Cryptocurrency Product for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 300+
- Change Prices with Time for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 400+
- RaCar Clear Cart for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 300+
- Italian VAT Kit for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 300+
- jav’s – WooCommerce and Trello integration WooTrello – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 300+
- WooCommerce Country Catalogs – Product Country Restrictions – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 300+
- XT Quick View for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 300+
- Checkout with Zelle on Woocommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 300+
- Advanced WC Analytics – Google Analytics Dashboard for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 200+
- Builder for WooCommerce reviews shortcodes – ReviewShort – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 200+
- Quote for WooCommerce Lite – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 200+
- Age Verification Screen for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 100+
- XT Ajax Add To Cart for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 100+
- XT Points & Rewards for WooCommerce – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 100+
- WooCommerce Customers Table: View, Search, Bulk Editor – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 100+
- NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor – Unauthenticated SQL Injection (SQLi)
  - Active installations: 30,000+
- WPC Smart Wishlist for WooCommerce – Reflected Cross-Site Scripting (XSS)
  - Active installations: 30,000+
- Sync WooCommerce Product feed to Google Shopping – SQL Injection (SQLi)
  - This plugin has been closed as of February 21, 2022 and is not available for download. This closure is temporary, pending a full review.
- WooCommerce – Orders Status Change via PayPal Standard Gateway
  - Active installations: 5+ million
- NS WooCommerce Watermark – Abuse of Functionality
  - This plugin has been closed as of March 15, 2022 and is not available for download. This closure is temporary, pending a full review.
- GS Variation Swatches for WooCommerce – Reflected Cross-Site Scripting (XSS)
  - Active installations: 200+
- Product Table for WooCommerce (wooproducttable.com) – Unauthenticated Arbitrary Function Call
  - Active installations: 8,000+
- Woo Products Widgets For Elementor – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 9,000+
- Woo Ukrposhta – Cross-Site Request Forgery (CSRF) + Sensitive Information Disclosure
  - Active installations: 500+
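Almost every entry in the list above is the same class of bug: a plugin admin action that changes or reads store settings without a capability check and without a WordPress nonce, so a logged-in user's browser can be made to trigger it from a third-party page (CSRF), and settings that should be private end up readable by low-privilege accounts (sensitive information disclosure). The following PHP is an added illustration of that pattern and its fix; it is not code from any plugin named on this page. The plugin name "acme", the option `acme_api_key`, the capability `manage_woocommerce` and the settings page slug are assumptions chosen for the example.

```php
<?php
/**
 * Added example (not from any listed plugin): the CSRF + settings-disclosure
 * pattern behind most of the April 2022 advisories, vulnerable form first,
 * hardened form second. Plugin name, option and page slug are hypothetical.
 */

// --- Vulnerable form: state change and settings read with no checks ---------

add_action( 'admin_post_acme_save_settings_vuln', function () {
    // No nonce: a third-party page can POST here using the victim's session.
    // No capability check: any logged-in user (even a subscriber) is accepted.
    update_option( 'acme_api_key', $_POST['api_key'] ?? '' );
    wp_safe_redirect( admin_url( 'admin.php?page=acme-settings' ) );
    exit;
} );

add_action( 'wp_ajax_acme_get_settings_vuln', function () {
    // Readable by every authenticated user: the disclosure half of the advisories.
    wp_send_json( array( 'api_key' => get_option( 'acme_api_key' ) ) );
} );

// --- Hardened form -----------------------------------------------------------

const ACME_CAP   = 'manage_woocommerce'; // capability WooCommerce grants to shop managers and admins
const ACME_NONCE = 'acme_save_settings'; // nonce action name shared by form and handler

function acme_render_settings_form() {
    // Authorization on the read side too: only store managers see the form.
    if ( ! current_user_can( ACME_CAP ) ) {
        wp_die( esc_html__( 'You do not have permission to view these settings.', 'acme' ), 403 );
    }
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="acme_save_settings">';
    wp_nonce_field( ACME_NONCE );                        // emits _wpnonce and _wp_http_referer
    echo '<input type="text" name="api_key" value="">';  // never echo the stored secret back into the page
    echo '<button type="submit">Save</button></form>';
}

add_action( 'admin_post_acme_save_settings', function () {
    // 1. Authorization: the user must be allowed to manage the store.
    if ( ! current_user_can( ACME_CAP ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'acme' ), 403 );
    }
    // 2. CSRF: the request must carry a nonce issued to this user for this action.
    //    check_admin_referer() stops execution with an error page on failure.
    check_admin_referer( ACME_NONCE );
    // 3. Validate and sanitize before storing.
    $key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    if ( '' === $key || strlen( $key ) > 128 ) {
        wp_die( esc_html__( 'Invalid API key.', 'acme' ), 400 );
    }
    // autoload = false keeps the secret out of the blob loaded on every request.
    update_option( 'acme_api_key', $key, false );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'admin.php?page=acme-settings' ) ) );
    exit;
} );

add_action( 'wp_ajax_acme_get_settings', function () {
    if ( ! current_user_can( ACME_CAP ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Expects a "nonce" field created with wp_create_nonce( ACME_NONCE ) on the admin page.
    check_ajax_referer( ACME_NONCE, 'nonce' );
    $key = (string) get_option( 'acme_api_key', '' );
    // Return a masked value; the full secret is only ever needed server-side.
    $masked = substr( $key, 0, 4 ) . str_repeat( '*', max( 0, strlen( $key ) - 4 ) );
    wp_send_json_success( array( 'api_key' => $masked ) );
} );
```

The practical check for a store owner is the same for every entry in the list: confirm whether the plugin is installed and at which version (with WP-CLI, `wp plugin list`), update it (`wp plugin update --all`), and deactivate any plugin that wordpress.org has closed, since a closed plugin receives no fix until the review completes. A nonce alone is not enough on the hardened side: the capability check decides who may perform the action, the nonce only proves the request originated from a page this user loaded.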
Running an online store pays dividends beyond a good night's sleep: your customers can find your shop open from early morning until midnight. But online competition is stiff, and shoppers who find your shop unavailable will look for the best deal elsewhere.
Any crash of an e-shop component hits shoppers and owners hard. Downtime always has a per-hour cost: as soon as your automated selling degrades or stops, you start losing the revenue you would have earned in every hour you are down.
Can you prevent this, or are you depending on a lifeline that does not exist?
WHY IS THE COST OF DOWNTIME CRUCIAL?
Cost of downtime (per hour) = revenue loss + productivity loss + recovery cost + intangible cost (reputation, trust) + aftermath cost.
REVENUE LOSS
When your online shop is down it generates no sales. Worse, online customers do not wait: they go straight to your competition, and some of them do not come back, which hurts the business in the long run.
PRODUCTIVITY LOSS
During downtime, employees are forced to stop working or to shift to activities that earn no revenue, such as getting systems back online, or simply waiting until everything is back. The cost of downtime rises because salaries are fixed costs, paid regardless of how much work gets done in those hours.
RECOVERY COST
Downtime itself is not the only cost. Disaster recovery and resuming normal business operations are expensive too. When outside help is needed as soon as possible, whatever that help is, it is a pricey intervention, and there is no time to negotiate while the pressure builds with every hour offline.
INTANGIBLE COST
When your reputation suffers, your business suffers. Even slight downtime can dent customers' trust enough to push them towards your worst nightmare: jumping ship to the competition.
AFTERMATH COST
Unfortunately, costs keep accruing after the store is working again. At a minimum, developers, system engineers and hosting support staff need to find the root cause, fix it and implement safeguards against future outages: another costly exercise, carried out under time pressure.
What is Vulnerability Knowledge?
As time passes, vulnerabilities are discovered in your plugins, your theme and the version of WordPress core you run. Those vulnerabilities (security holes) always become public knowledge sooner rather than later, and once they are public, attackers look for stores that have not yet patched.