Over 30,000 WooCommerce Sites Exposed by Critical Plugin Flaw (CVE-2024-6027)
Over 30,000 WooCommerce-powered online stores may be at risk of a serious data breach due to a critical security flaw in the popular “Themify – WooCommerce Product Filter” plugin. The vulnerability, tracked as CVE-2024-6027 (CVSS 9.8), could allow attackers to extract sensitive information from a store’s database, including customer names, addresses, and even credit card details.
What’s the Issue?
The flaw is a time-based (blind) SQL injection in how the plugin handles user-supplied data. An attacker can exploit it by manipulating the “conditions” parameter used for filtering product searches, gaining unauthorized read access to the underlying database and potentially exposing a large amount of confidential information.
Who’s Affected?
Any online store running the Themify – WooCommerce Product Filter plugin version 1.4.9 or earlier is vulnerable. The plugin is highly popular, boasting over 30,000 active installations, making the potential impact widespread.
The Discovery and Patch
Security researcher Arkadiusz Hydzik discovered the CVE-2024-6027 vulnerability and responsibly disclosed it to the plugin developers. While there is no evidence of the flaw being actively exploited yet, store owners should act immediately, as unpatched WordPress vulnerabilities are routinely targeted by cybercriminals once they become public.
What Should You Do?
If you use the Themify – WooCommerce Product Filter plugin, here’s what you need to do right away:
- Update Immediately: Upgrade the plugin to the latest version (1.5.0 or higher) as soon as possible. This is the patched release that fixes the vulnerability.
- Review Your Data: While there are no reports of active exploitation, it’s wise to audit your database and website logs for any suspicious activity. Look for any unauthorized access attempts or unusual data modifications.
- Consider Professional Help: If you’re not comfortable updating the plugin yourself or are unsure if your site has been compromised, seek assistance from a cybersecurity professional.
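The “Review Your Data” step above can be partly automated. The following is an added example, not code from the article or from Themify, that scans web-server access logs for requests whose “conditions” parameter carries the SQL timing functions typical of time-based injection probes. It assumes combined log format and uses constructed sample lines; the plugin’s real endpoint and parameter encoding may differ.

```python
import re
from urllib.parse import urlsplit, parse_qs

# SQL functions commonly used to make a query stall, which is how a
# time-based injection is detected. A hit in the plugin's "conditions"
# parameter is worth investigating; legitimate filter values never need them.
TIME_BASED_SQL = re.compile(
    r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\s*\(?",
    re.IGNORECASE,
)

# Constructed sample access-log lines (combined log format), not real traffic.
# The request path and parameter name are assumptions for illustration.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Jun/2024:10:01:02 +0000] "GET /shop/?conditions=category%3Dshirts HTTP/1.1" 200 5120
203.0.113.11 - - [20/Jun/2024:10:01:09 +0000] "GET /shop/?conditions=1%20AND%20SLEEP(5) HTTP/1.1" 200 5120
198.51.100.7 - - [20/Jun/2024:10:02:15 +0000] "GET /product/blue-shirt/ HTTP/1.1" 200 8800
203.0.113.11 - - [20/Jun/2024:10:02:31 +0000] "GET /shop/?conditions=1%27%20AND%20BENCHMARK(5000000%2CMD5(1))--%20 HTTP/1.1" 200 5120
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)'
)


def flag_conditions_probe(line):
    """Return (ip, timestamp, decoded conditions value) when the request's
    "conditions" parameter contains a SQL timing function, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group("path")).query
    # parse_qs percent-decodes values, so the regex sees the raw SQL text.
    for value in parse_qs(query, keep_blank_values=True).get("conditions", []):
        if TIME_BASED_SQL.search(value):
            return (m.group("ip"), m.group("ts"), value)
    return None


def scan_log(text):
    """Return all flagged requests from a block of log text, in file order."""
    return [hit for hit in (flag_conditions_probe(l) for l in text.splitlines()) if hit]


if __name__ == "__main__":
    for ip, ts, value in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious conditions value: {value!r}")
```

If the filter is submitted via POST or an AJAX endpoint, the parameter will not appear in a standard access log; request-body logging at the WAF or reverse proxy is needed to apply the same check there.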