FindMyHost

Web Hosting News

Future Hosting Advises WooCommerce Users to Update Immediately

Future Hosting Advises WooCommerce Users to Update Immediately
June 24
12:03 2015

Southfield, MI – Future Hosting, a specialized VPS hosting and dedicated server hosting provider, has warned users of the popular WordPress WooCommerce eCommerce plugin to update as soon as possible. A vulnerability in the plugin may allow attackers to access files that contain sensitive information that could put sites at risk of data loss or malware infection.

The security weakness, which was discovered and reported by researchers at security company Sucuri on June 10, 2015, leverages an object injection vulnerability present in WooCommerce. Only sites with WooCommerce’s PayPal Identity Token option activated are vulnerable.

Owners of vulnerable sites should update to the most recent version of the WooCommerce plugin, which includes a patch that fixes the problem.

Sucuri published a detailed proof of concept that shows how the vulnerability can be used to access files that contain sensitive information. The Sucuri POC leveraged the object injection vulnerability along with other known vulnerabilities to gain access to a site’s wp-config.php file, which contains the site’s database credentials and secret keys.

“We host a large number of WordPress users, many of whom use the WooCommerce plugin for eCommerce. Most have already applied the patch, but we’re aware that there are still a large number of vulnerable sites on the web,” said Maulesh Patel, VP of Operations of Future Hosting, “It’s important that vulnerabilities of this nature are given the widest possible exposure, so that site owners can make sure their users are not at risk.”

Vulnerabilities are regularly discovered in content management systems and their plugins. The recent WooCommerce vulnerability is an example of an effective application of security best practices. The vulnerability was disclosed and patched quickly, but without wide exposure, it is likely many sites will remain vulnerable.

About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit www.futurehosting.com

Research, evaluate and learn more about shared web Hosting at FindMyHost.com.

About Author

FindMyHost Editor

FindMyHost Editor

The 'Web Hosting Blog' at FindMyHost.com was established to provide the web hosting industry with the very latest in news, technology, interviews, event information and more. About FindMyHost.com: Launched in January 2001 to protect Web Host Consumers and Web Developers from making the wrong choice when choosing a Web host. FindMyHost.com showcases a selection of web hosting companies who have undergone our Approved Host program testing and provides reviews from customers.

Related Articles

0 Comments

No Comments Yet!

There are no comments at the moment, do you want to add one?

Write a comment

Write a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Special Offers:

SUBSCRIBE TO OUR MAILING LIST