WooCommerce Vulnerabilities JAN 2022
Stay informed about the latest WooCommerce vulnerabilities (January 2022 threat case study) that were publicly identified and reported. Exploitation of these vulnerabilities creates further problems and has a severe negative impact on your recovery capabilities and the future of your business. Contact us for WooCommerce consulting.
An estimated 707,000+ active WordPress sites cannot depend on their recovery plan because of the WooCommerce vulnerabilities disclosed in January 2022. The estimate may be higher once premium plugin versions are counted, since those are private purchases.
If you are serious about running an online shop, you need to pay attention: your WooCommerce installation is the single most critical point where a disaster hits your customers. In this post we share all the latest WooCommerce vulnerabilities to help you protect your eshop from revenue loss and a backlash from angry shoppers. The following cases were PUBLICLY disclosed last month in the WooCommerce Vulnerabilities JAN 2022 category:
- Ni WooCommerce Custom Order Status – SQL Injection
  The Ni WooCommerce Custom Order Status plugin helps you improve your order system. You can easily create additional order statuses and edit, update and delete them, integrated with the current WooCommerce version. Active installations: 3,000+
- WCFM Marketplace – Best Multivendor Marketplace for WooCommerce – Unauthenticated SQL Injection
  WooCommerce Multivendor Marketplace (WCFM Marketplace) is the best free front-end multi-vendor marketplace plugin on WordPress, powered by WooCommerce. It helps you build your own marketplace like Amazon, eBay, Etsy, Airbnb or Flipkart within minutes, with minimal setup. Active installations: 30,000+
- Kudos Donations – Easy donations and payments with Mollie – Arbitrary Items Deletion via CSRF
  Kudos Donations lets you add a donate button anywhere on your website. When a user clicks the button, a pop-up window asks for their details and the amount they would like to donate. Active installations: 30+
- myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin – Reflected Cross-Site Scripting (XSS)
  myCred is an intelligent and adaptive points management system that lets you build and manage a broad range of digital rewards, including points, ranks and badges, on your WordPress/WooCommerce-powered website. Active installations: 20,000+
- Booster for WooCommerce – Reflected Cross-Site Scripting (XSS) in PDF Invoicing Module
- Booster for WooCommerce – Reflected Cross-Site Scripting (XSS) in General Module
- Booster for WooCommerce – Reflected Cross-Site Scripting (XSS) in Product XML Feeds Module
  Replace all those WooCommerce plugins with one single plugin that does the job of them all, and then some! Booster combines everything you need to fully customize your site's functionality into a single WooCommerce bundle, with 110 features and counting. With zero coding needed and easy setup options, Booster makes customization simple for everyone. Active installations: 80,000+
- Variation Swatches for WooCommerce – Stored Cross-Site Scripting (XSS)
  The Variation Swatches for WooCommerce plugin provides a much nicer way to display the variations of variable products. It lets you select a style for each attribute: color, image or label. With this plugin you can present product colors, sizes, styles and more in a way that WooCommerce alone does not support. Active installations: 80,000+
- WooCommerce PDF Invoices & Packing Slips – Reflected Cross-Site Scripting (XSS)
  This WooCommerce extension automatically adds a PDF invoice to the order confirmation emails sent to your customers. It includes a basic template (additional templates are available from WP Overnight) and lets you modify or create your own templates. You can also download or print invoices and packing slips from the WooCommerce order admin. Active installations: 300,000+
- Multivendor Marketplace Solution for WooCommerce – WC Marketplace – Unauthenticated AJAX Calls
  Afraid of launching an online marketplace? Worry no more: WC Marketplace provides the best marketplace software you can get to kickstart your own virtual eCommerce marketplace. This free WordPress plugin equips you with the features you need to create any marketplace of your choice, so you can build a website like Amazon, Etsy or Airbnb without worries. Active installations: 10,000+
- WOOCS – Currency Switcher for WooCommerce. Professional and Free multi currency plugin – Pay in selected currency – Reflected Cross-Site Scripting (XSS)
  WOOCS – WooCommerce Currency Switcher is a free multi-currency switcher plugin for WooCommerce. It lets your site visitors switch product prices between currencies, according to the exchange rates you set, in real time, and optionally pay in the selected currency. WOOCS lets you add any currency to your WooCommerce store and is an ideal solution for running a serious WooCommerce store in multiple currencies. Active installations: 60,000+
- Parsian Bank Woocommerce – Reflected Cross-Site Scripting (XSS)
  This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review.
- Simple Image Gallery – Reflected Cross-Site Scripting (XSS)
  This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review.
- WooCommerce EnvioPack – Reflected Cross-Site Scripting (XSS)
  This plugin has been closed as of November 15, 2021 and is not available for download. This closure is permanent.
- myghpay WooCommerce Payment Gateway – Reflected Cross-Site Scripting (XSS)
  This plugin has been closed as of December 13, 2021 and is not available for download. This closure is temporary, pending a full review.
- Product Feed PRO for WooCommerce – Settings Update to Stored Cross-Site Scripting (XSS)
  Generate WooCommerce product feeds for all your marketing channels, such as Google Shopping (Merchant Center), Facebook Remarketing, Bing Ads, Billiger.de, Pricerunner, Skroutz and many more. In addition to custom feeds, over 100 pre-defined templates are included for marketplaces, comparison shopping engines and search engines. The plugin provides high-quality product feeds for Google Shopping and many other channels. Active installations: 80,000+
- Profile Extra Fields by BestWebSoft – Reflected Cross-Site Scripting (XSS)
  A simple plugin that adds extra fields to the user profile page of your WooCommerce and WordPress website: checkboxes, radio buttons, text, date, time and phone number fields. Active installations: 2,000+
- SEUR Oficial – Stored Cross-Site Scripting (XSS)
  The SEUR plugin for WooCommerce lets you manage your order dispatches quickly and easily. Generate labels for each order and request collection from your own facilities whenever you need. You can configure your shipping rates based on delivery urgency, weight, product price or the buyer's postcode. Active installations: 1,000+
- Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. – CSRF Bypass
- Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. – Reflected Cross-Site Scripting (XSS)
  WordPress Google Sheets Integration connects WordPress events and its most popular plugins with Google Spreadsheets via the Google API and a service account. Active installations: 1,000+
- Tabs – Responsive Tabs with WooCommerce Product Tab Extension – Unauthenticated Arbitrary Option Update
  Tabs – Responsive Tabs with WooCommerce Product Tab Extension brings you exclusive WordPress tabs with integrated WooCommerce product tabs. It was designed as the easiest way to add dynamic content tabs to any professional website and eCommerce store. This animated CSS3 tabs plugin creates responsive tabs with dropdowns and unlimited effects and animation support, and is a lightweight yet customizable WordPress tabs plugin with major page builder integrations. Active installations: 10,000+
Running an online store pays dividends beyond a good night's sleep, knowing that your customers will find your shop open from early morning to late at night. Online competition is stiff, and many shoppers are looking for the best deals.
Any crash of an eshop module hits shoppers and owners hard. Downtime always has a per-hour cost. As soon as your automated selling degrades or crashes, you start losing money: this is the revenue you forfeit for every hour you are down.
Can you prevent this? Or are you depending on a lifeline that does not exist?
WHY IS THE COST OF DOWNTIME CRUCIAL?
Cost of Downtime (per hour) = Revenue Loss + Productivity Loss + Recovery Cost + Intangible Cost (e.g. reputation, trust) + Aftermath Cost.
REVENUE LOSS
When your online shop is down, it cannot generate sales or revenue. The sad part is that, online, your customers immediately go to your competition, and that hurts any business in the long run.
PRODUCTIVITY LOSS
During downtime, employees are forced to stop working or to shift to non-revenue-generating activities, such as getting systems back online, or, even worse, simply waiting until everything is back online. The cost of downtime therefore increases, because salaries are fixed costs that are paid regardless of how much work gets done in those hours.
RECOVERY COST
The cost of the outage itself is not the only number to consider. Disaster recovery and resuming normal business operations can be costly as well. When outside help has to be brought in as soon as possible, whatever that help is, it is a pricey intervention. There is also no time to negotiate, as the pressure builds with every hour offline.
INTANGIBLE COST
When your reputation suffers, your business suffers. Even the slightest downtime can damage your customers' trust enough to push them into your worst nightmare: jumping ship to your competition.
AFTERMATH COST
Unfortunately, the costs keep accruing even after your store is working again. At a minimum, online experts (developers, system engineers, hosting support staff) need to find the root cause, fix it and implement safeguards against future outages. That is another costly undertaking, carried out under pressure and urgency.
What is Vulnerability Knowledge?
As time passes, vulnerabilities are discovered in your plugins, your theme and the version of WordPress core you are using. Those vulnerabilities (or security holes) ALWAYS become public knowledge, sooner rather than later.