Content management system WordPress has recently eliminated 10 insecure plugins that were developed for its widely used e-commerce plugin WooCommerce. ThreatPress, a WordPress security firm, reported that the plugins had already been uploaded to close to 20,000 WordPress installations before their deletion last May 23. ThreatPress acknowledged that WordPress security reacted quickly to the unreliable plugins, but the problem is that many users may not be aware of the threat the plugins pose.
Source of the 10 insecure plugins
The 10 insecure plugins were developed by a firm named MULTIDOT, Inc. ThreatPress had reportedly notified the firm about the security issues posed by the plugins, but the firm failed to take action to update the source code. ThreatPress gave MULTIDOT, Inc. three weeks to update the plugins before it informed WordPress of the security threats.
Some of the insecure plugins were the WooCommerce page visit counter, which has more than 10,000 active installations; the category banner management plugin, which has more than 3,000 active installations; and the digital goods check out, which has more than 2,000 active installations.
Vulnerabilities of the insecure plugins
According to ThreatPress, these plugins are considered highly dangerous. It also claims that they contain various vulnerabilities which could be easily exploited and used to upload malicious software such as crypto miners and keyloggers.
It also said that the plugins can lead to cross-site scripting (XSS) attacks on websites which fail to validate user input from various web forms, comment fields, and forums. XSS attacks happen when an attacker delivers malicious code to an unsuspecting user through a WordPress website. The script may then access the cookies and other information stored on the user’s side. These attacks may also change what the user sees on a particular webpage as well as steal users’ accounts.
The threats posed by the insecure plugins are serious considering that these were developed for exclusive use in WooCommerce, a platform that has become very popular among online merchants, especially those that facilitate credit card transactions.
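For site owners who want to check plugin code for the input-handling failure described above, here is an added example (not from ThreatPress, WordPress or the removed plugins): a small Python audit heuristic that flags PHP lines printing request data without a WordPress escaping function. The PHP sample and its file name are constructed for illustration, and the check is line-based, so it only sees values printed on the same line they are read.

```python
import re

# Request-controlled PHP superglobals: anything read from these is user input.
TAINTED = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]*\]")
# Statements that write to the page.
OUTPUT = re.compile(r"\b(?:echo|print|printf)\b|<\?=")
# WordPress escaping helpers (plus integer casts) that neutralise markup.
ESCAPERS = {"esc_html", "esc_attr", "esc_url", "esc_js", "esc_textarea",
            "wp_kses", "wp_kses_post", "absint", "intval"}

# Constructed sample; not taken from any of the removed plugins.
SAMPLE = '''<?php
// search-results.php (hypothetical file)
echo '<h2>Results for ' . $_GET['q'] . '</h2>';
echo '<h2>Results for ' . esc_html( $_GET['q'] ) . '</h2>';
printf( '<input name="ref" value="%s">', esc_attr( wp_unslash( $_POST['ref'] ) ) );
echo '<p>' . strtoupper( $_REQUEST['name'] ) . '</p>';
$page = absint( $_GET['page'] );
'''


def is_escaped(line, start):
    """True if the value at `start` is nested inside a call to an escaper."""
    depth = 0
    for i in range(start - 1, -1, -1):
        if line[i] == ")":
            depth += 1          # a call that closed before our value
        elif line[i] == "(" and depth:
            depth -= 1          # opening paren of that earlier call
        elif line[i] == "(":
            # An enclosing call: read the function name just before it.
            name = re.search(r"([A-Za-z_]\w*)\s*$", line[:i])
            if name and name.group(1) in ESCAPERS:
                return True
    return False


def find_unescaped_output(php_source):
    """Return (line_number, code) for lines that print raw request data."""
    findings = []
    for number, line in enumerate(php_source.splitlines(), 1):
        if not OUTPUT.search(line):
            continue
        if any(not is_escaped(line, m.start()) for m in TAINTED.finditer(line)):
            findings.append((number, line.strip()))
    return findings


if __name__ == "__main__":
    for number, code in find_unescaped_output(SAMPLE):
        print(f"line {number}: request data printed without escaping: {code}")
```

A flagged line still needs manual review, because the right escaping function depends on where the value lands (HTML body, attribute, URL or script).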