Critical WooCommerce Vulnerability Targeted Hours After Patch
CyberWire Pro covered the news of a critical vulnerability detected in WordPress eCommerce plug-in WooCommerce. The vulnerability has been targeted by threat actors just as a patch was released. ThreatPost explains that as soon as WooCommerce became aware of the SQL-injection bug, reported by researchers at Development Operations Security and HackerOne on July 13, it immediately created and released an emergency patch to users, and the attacks began on July 15.
K2’s CEO and Co-Founder, Pravin Madhani was tapped for commentary by CyberWire Pro on the WooCommerce story.