Author Topic: WordPress sites vulnerable to WooCommerce plugin flaw  (Read 320 times)

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 7366
  • Debbie says...
    • View Profile

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 4448
    • View Profile
Re: WordPress sites vulnerable to WooCommerce plugin flaw
« Reply #1 on: November 09, 2018, 04:16:25 PM »
WooCommerce is a beast. I believe the distro is bigger than the WP base distro. No surprise that it brings security concerns with it.

Leona

  • Inner Core
  • Hero Member
  • *
  • Posts: 520
    • View Profile
    • Email
Re: WordPress sites vulnerable to WooCommerce plugin flaw
« Reply #2 on: November 14, 2018, 10:04:09 AM »
You wouldn't give anyone but staff a shop manager account anyway as the role does have a lot of power, too much for what is required, if using staff that arnt trusted then a custom role is needed.

martinibuster

  • Inner Core
  • Full Member
  • *
  • Posts: 118
    • View Profile
    • Email
Re: WordPress sites vulnerable to WooCommerce plugin flaw
« Reply #3 on: November 15, 2018, 12:35:25 AM »
I saw that and declined to write about it for SEJ. It's not really a hole that an outsider can slip through and wreak havoc.

What IS kind of scary is that 25% of WP sites have outdated and unpatched versions of PHP. This probably affects a similar number of sites running magento and other CMS'.

In December, another 57% of WP sites will be running EOL legacy versions of PHP that will not receive further security patches or support of any kind.

https://www.searchenginejournal.com/wordpress-php/277067/

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 4448
    • View Profile
Re: WordPress sites vulnerable to WooCommerce plugin flaw
« Reply #4 on: November 15, 2018, 01:45:01 AM »
In December, another 57% of WP sites will be running EOL legacy versions of PHP that will not receive further security patches or support of any kind.

A lot, but probably not nearly 57%. A large number of these are on shared hosting and some of these hosts will run outdated versions until right up before they are required to move off them, in an effort to give clients as much time as possible. I think a significant number of those hosts wil turn off 5.6 and 7.0 as the deadline approaches.

Obviously, a lot won't. Some never will. PHP4 EOL was in 2008, and yet there are still 0.7% of PHP websites running on PHP4. That's insane
https://w3techs.com/technologies/details/pl-php/all/all

Leona

  • Inner Core
  • Hero Member
  • *
  • Posts: 520
    • View Profile
    • Email
Re: WordPress sites vulnerable to WooCommerce plugin flaw
« Reply #5 on: November 20, 2018, 11:40:58 AM »
Yes in recent months I have been on a few shared servers to upgrade the php for performance reasons and they were all set to default at 5.6.