WooCommerce Checkout Manager exploit

This is one that was announced by the company discussed in Big Trouble in Plugin Land, below. They dropped details and a proof-of-concept exploit for a critical flaw in a widely used WordPress plugin.

No fix is available, and the plugin has been pulled from the WordPress repository. (But that doesn’t help anyone who already has it installed and is dependent on its features.)

Big Trouble in Plugin Land

A WordPress security company, called “Plugin Vulnerabilities”, has recently gone rogue in protest against the moderators of WordPress’s official support forum. They’ve been publishing vulnerabilities in plugins without giving developers a chance to fix the problem before going public.

Doing so can put sites in danger – hackers are listening, and should this company find and publish a security hole in a plugin you’re using, attackers can use it against your site. Backups are critical! If you get caught by a zero-day exploit – so called because the developer has zero days to fix the problem before it is announced to the world – you may need to revert to an earlier version of your site.