eShop plugin leaves 10,000+ WordPress sites open to hackers
IT security company High-Tech Bridge has identified a remote code execution vulnerability in the WordPress shopping cart plugin eShop, which can influence the execution of code and open back doors into 10,000+ live WordPress websites for hackers to exploit.
“The vulnerability exists due to insufficient validation of user-supplied input in “eshopcart” HTTP cookie,” according to the advisory from High-Tech Bridge. “In this case we can only overwrite string variables within the scope of ‘eshop_checkout()’ function in ‘/wp-content/plugins/eshop/checkout.php’ file.”
The post eShop Plugin Vulnerability Leaves 10,000+ WordPress Websites At Risk appeared first on IT SECURITY GURU. Read the rest of Article here….