WooCommerce Checkout Manager Plugin Security Vulnerabilities

Orlando WordPress Maintenance

Orlando WordPress Developer

If you have asked yourself “How do I customize my WooCommerce Checkout page?” There’s a luckily a WordPress plugin that can help you! WooCommerce Checkout Manager allows you to customise the fields on your WooCommerce Checkout page.Tis plugin allows to rename your “cart”, make check out fields optional or required, or even create fields to display the order time. Nonetheless, as with any plugin, sometimes security vulnerabilities emerge. So, make sure to read below on how to address vulnerabilities for Woocommerce Checkout Manager.

WordPress Plugin Vulnerabilities

On May 2nd, 2019 Woocommerce Checkout Manager released an update that fixes two vulnerabilities, which are:

An arbitrary file upload flaw present in certain configurations. According to WordFence, this issue was first ” irresponsibly published on April 23rd without privately notifying the plugin’s author.”

A flaw allowing attackers to delete media files from affected sites. In conjunction with the file upload feature, the previous versions of the plugin are able to delete the attachments users have uploaded at checkout.

In order to prevent this vulnerabilities from affecting websites with WooCommerce Checkout Manager, users should update to version 4.3 of the plugin.

Updating to 4.3 Woocommerce Checkout Manager

After being notified by WordFence about the issue, the plugin’s author fixed and released version 4.3 of the plugin. So, if possible, websites with the plugin should update immediately. However, WordaFence has deployed a firewall rule that addresses the flaw allowing hackers to delete the media files. Premium users have immediate access to this new rule, and free users will gain access in 30 days.

Although there has not been any reported exploitation of these vulnerabilities, we would like to emphasize the importance of preventing future issues by updating WooCoomerce Checkout Manager as soon as possible.

Orlando WordPress Website Maintenance

If you would like to have the best Orlando WordPress developers help you keep you WooCommerce website safe , contact us!! We are expert WordPress developers & designers located in Orlando, Florida.


Category: Orlando Ecommerce, Orlando Wordpress, Wordpress Orlando Tags: , , , , , No Comments
Header image for article titled Google Services Combined in New Wordpress Plugin

Google Services Combined in New WordPress Plugin

Orlando Wordpress Developer Google recently launched a new Google Wordpress plugin called “Site Kit”, easing the ta... Read More »

WooCommerce 3.7 New Release

Orlando Website Developer WooCommerce now powers over 30% of all online stores with over 1M+ downloads WooCommerce 3.7... Read More »

Sync Your WooCommerce Store With QuickBooks

Orlando WordPress Developer Quickbooks is an accounting program that helps business owners manage bills, use payroll fu... Read More »