- Over 50,000 website owners use the YITH WooCommerce Gift Cards plugin to sell gift cards in their online stores.
- The National Vulnerability Database rates the vulnerability CVSS 9.8, making it critical.
- The Wordfence Threat Intelligence team has reverse-engineered the exploit and identified where in the code the problem lies.
Unauthenticated attackers can exploit the vulnerability in the YITH WooCommerce Gift Cards plugin, tracked as CVE-2022-45359 (CVSS v3: 9.8), to upload web shells that grant full site access on susceptible websites. Attackers have been using the exploit against more than 50,000 websites. The risk is avoided by installing the latest security update.
Older versions are still in danger
CVE-2022-45359 was disclosed on November 22, 2022, and affects all plugin versions up to 3.19.0. Version 3.21.0 of the YITH WooCommerce Gift Cards plugin, which fixes the issue, is the recommended upgrade.
Many websites still run outdated, vulnerable versions, and attackers have already built a working exploit to target them. Install the latest security update as soon as possible.
The exploit has been reverse engineered
The Wordfence Threat Intelligence team was able to reverse engineer the exploit and locate the issue: it lies in the import_actions_from_settings_panel function, which runs on the admin_init hook.
Because admin_init runs for any page in the /wp-admin/ directory, an unauthenticated attacker can trigger functions hooked to admin_init by sending a request to /wp-admin/admin-post.php.
Because the function also performs no file type checks, any file type, including executable PHP files, can be uploaded. These attacks may appear in your logs as unexpected POST requests from unknown IP addresses.
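As an added illustration (not the plugin's own code), the following shows how an import handler hooked to admin_init closes both gaps described above: it refuses to act without an authorized, logged-in user and a valid nonce, and it verifies the upload's type before reading it. The function, nonce and option names are hypothetical, and the assumption that the import expects a CSV file is mine.

```php
<?php
// Added example, not the plugin's code. Names are hypothetical; CSV input is an assumption.
add_action( 'admin_init', 'example_import_from_settings_panel' );

function example_import_from_settings_panel() {
    // admin_init fires on every /wp-admin/ request, including admin-post.php,
    // so only act when our own form fields are present.
    if ( ! isset( $_POST['example_import_nonce'], $_FILES['example_import_file'] ) ) {
        return;
    }

    // 1. Authorization: admin_init does not imply a logged-in user.
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to import settings.', 'example' ), 403 );
    }

    // 2. CSRF protection: the form must carry a valid nonce for this action.
    check_admin_referer( 'example_import_action', 'example_import_nonce' );

    // 3. File type check: accept only CSV, verified by extension and detected MIME type.
    $file = $_FILES['example_import_file'];
    if ( UPLOAD_ERR_OK !== $file['error'] ) {
        wp_die( esc_html__( 'Upload failed.', 'example' ), 400 );
    }
    $check = wp_check_filetype_and_ext(
        $file['tmp_name'],
        sanitize_file_name( $file['name'] ),
        array( 'csv' => 'text/csv' )
    );
    if ( 'csv' !== $check['ext'] || 'text/csv' !== $check['type'] ) {
        wp_die( esc_html__( 'Only CSV files may be imported.', 'example' ), 400 );
    }

    // 4. Never move the upload into a web-served directory: parse it from the
    //    temporary location and let PHP discard it at the end of the request.
    $handle = fopen( $file['tmp_name'], 'r' );
    if ( false === $handle ) {
        wp_die( esc_html__( 'Could not read the uploaded file.', 'example' ), 500 );
    }
    $rows = array();
    while ( ( $row = fgetcsv( $handle ) ) !== false ) {
        $rows[] = array_map( 'sanitize_text_field', $row );
    }
    fclose( $handle );

    update_option( 'example_imported_settings', $rows );
}
```

A renamed PHP file fails step 3 because wp_check_filetype_and_ext compares the content-detected MIME type against the one registered for the .csv extension.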
Users of the YITH WooCommerce Gift Cards plugin are advised to update to the latest version as soon as possible because of the ongoing exploitation.