WordPress's WooCommerce Fixes SQL Injection - Dismas - 07-25-2021

Looks like input sanitization practices are still bad, even though it's 2021. Many websites run this plugin and it's likely that a good portion still need to be updated.

Quote: WooCommerce, the popular e-commerce plugin for the WordPress content management system has been updated to patch a serious vulnerability that could be exploited without authentication.

Administrators are urged to install the latest release of the platform as the flaw affects more than 90 versions starting with 5.5.0.

Owned by Automattic, the company behind the WordPress.com blogging service, the WooCommerce plugin has more than five million installations.

Read More: https://www.bleepingcomputer.com/news/security/woocommerce-fixes-vulnerability-exposing-5-million-sites-to-data-theft/


RE: WordPress's WooCommerce Fixes SQL Injection - mothered - 07-25-2021

Quote: Looks like input sanitization practices are still bad, even though it's 2021
It's the very first thing that should be implemented to help protect against SQLi.

You'd think in this day and age, it'd be standard practice with entities who operate on a medium to large scale.


RE: WordPress's WooCommerce Fixes SQL Injection - Alex1759 - 07-25-2021

That will stop the majority of automated hacks but the cleverer targeted hacks are a little harder to stop.


RE: WordPress's WooCommerce Fixes SQL Injection - Spooky - 07-25-2021

After all, it is a free service; you get what you pay for. You would think that software/plugin security would be a top priority considering it's an e-commerce platform. SMH


RE: WordPress's WooCommerce Fixes SQL Injection - Mr.Kurd - 07-26-2021

I'm not really surprised after seeing developers who still save passwords without hashing in the database.


RE: WordPress's WooCommerce Fixes SQL Injection - mothered - 07-26-2021

(07-25-2021, 06:54 PM)Alex1759 Wrote: That will stop the majority of automated hacks but the cleverer targeted hacks are a little harder to stop.
Yes, it certainly will not prevent exploitation in its entirety, but any form of protection is better than nothing at all.