WooCommerce, an open-source Ecommerce solution integrated into more than 5 million active WordPress sites, released emergency patches yesterday in order to address a new vulnerability. There is considerable evidence that the attack has been successfully attempted in the wild against targeted victims. Details have not yet been publicly disclosed in order to give merchants time to install the patch, but security researchers have determined that this is an SQL injection that allows the attacker to access information in the underlying database, including any customer information such as credit card numbers as well as employee credentials that could be used to in a chain of further attacks. The vulnerability affects versions 3.3 to 5.5 of the WooCommerce plugin and WooCommerce Blocks 2.5 to 5.5 plugin. Automated updates are being rolled out, but these may be unsuccessful if the latest version within a release branch has not been installed. See the link below for details.
12 Essentials for a Successful SOC Partnership
Binary Defense
January 12, 2023
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security
