WooCommerce

“Magecart” Strikes Again: Long-Running Web Skimming Campaign Targets Global Payment Networks Magecart Campaign Fake Stripe Payment Form

Magecart Campaign Fake Stripe Payment Form

“Magecart” Strikes Again: Long-Running Web Skimming Campaign Targets Global Payment Networks

Do Son January 15, 2026

A vast and persistent web-skimming campaign has been unearthed, targeting the checkout pages of online retailers to...

Critical WooCommerce Plugin Flaw (CVE-2025-12493, CVSS 9.8) Allows Unauthenticated RCE, 100,000+ Sites Affect ShopLentor LFI RCE, WooCommerce Plugin Flaw

ShopLentor LFI RCE, WooCommerce Plugin Flaw

Critical WooCommerce Plugin Flaw (CVE-2025-12493, CVSS 9.8) Allows Unauthenticated RCE, 100,000+ Sites Affect

Do Son November 5, 2025

A critical-severity Local File Inclusion (LFI) flaw in the popular WordPress plugin ShopLentor – WooCommerce Builder for...

Magecart SMILODON Skimmer Infiltrates WooCommerce Via Rogue Plugin Hiding Payload in Fake PNG Image WooCommerce Skimmer, Fake PNG Steganography

WooCommerce Skimmer, Fake PNG Steganography

Magecart SMILODON Skimmer Infiltrates WooCommerce Via Rogue Plugin Hiding Payload in Fake PNG Image

Do Son October 31, 2025

The Wordfence Threat Intelligence Team has uncovered a highly sophisticated malware campaign targeting WordPress e-commerce sites using...

Critical 9.8 CVSS Flaw: Unpatched PayU CommercePro Plugin Allows Admin Account Takeover! PayU CommercePro, Account Takeover

PayU CommercePro, Account Takeover

Critical 9.8 CVSS Flaw: Unpatched PayU CommercePro Plugin Allows Admin Account Takeover!

Do Son June 9, 2025

A severe vulnerability in the PayU CommercePro plugin for WordPress, which has over 5,000 active installations, allows...

Unpatched & Critical (CVSS 10): TI WooCommerce Wishlist Vulnerability Affects 100K+ Sites

WooCommerce Wishlist vulnerability CVE-2025-47577

Unpatched & Critical (CVSS 10): TI WooCommerce Wishlist Vulnerability Affects 100K+ Sites

Do Son May 27, 2025

Researchers have discovered a critical security vulnerability in the TI WooCommerce Wishlist plugin, a widely-used tool that...

Stealthy Skimmer: New Formjacking Malware Targets WooCommerce Checkouts WooCommerce formjacking, stealthy skimmer

WooCommerce formjacking, stealthy skimmer

Stealthy Skimmer: New Formjacking Malware Targets WooCommerce Checkouts

Do Son May 23, 2025

The Wordfence Threat Intelligence Team has uncovered a new and deeply stealthy formjacking malware targeting WooCommerce, the...

WooCommerce Phishing Attack: Fake Vulnerability Exploits Store Owners Patchstack

Patchstack

WooCommerce Phishing Attack: Fake Vulnerability Exploits Store Owners

Do Son April 25, 2025

A new phishing campaign is targeting WooCommerce users with fake security vulnerability alerts, attempting to trick them...

Carding Automation: Malicious PyPI Package Threatens Stores Carding attacks

Carding attacks

Carding Automation: Malicious PyPI Package Threatens Stores

Do Son April 4, 2025

A recently discovered malicious Python package on the Python Package Index (PyPI) named “disgrasya” has been found...

CVE-2024-6457 (CVSS 9.8): Critical Flaw in HUSKY Plugin Threatens 100K+ WooCommerce Stores

CVE-2024-6457

CVE-2024-6457 (CVSS 9.8): Critical Flaw in HUSKY Plugin Threatens 100K+ WooCommerce Stores

Do Son July 16, 2024

A critical vulnerability has been discovered in the widely-used WordPress plugin, HUSKY – Products Filter Professional for...

Attackers Exploit Obscure WordPress Plugin to Steal Credit Card Data WooCommerce malware

WooCommerce malware

Attackers Exploit Obscure WordPress Plugin to Steal Credit Card Data

Do Son May 24, 2024

Cyber attackers are continually refining their methods to inject malware into websites, and the recent discovery by...