A large attack on WordPress sites that use the Abandoned Cart Lite for WooCommerce plugin has recently been discovered. The plugin has over 20,000 installations, so this vulnerability puts a large number of people at risk. Even after upgrading WordPress itself to the newest version, your site can still be susceptible to being hacked. This article discusses how hackers can infect a website and how to prevent it from happening to your site.
With this vulnerability, hackers pretend to be customers and add items to their cart. When the time comes to enter their checkout information, they insert fake information and inject code, via a link, into the billing "last name" field. They then abandon the cart, which causes the Abandoned Cart Lite plugin to log the information. The injected code then runs the moment anybody with administrator privileges logs in and views the abandoned carts in the backend of the website.
The moment someone checks the abandoned cart, the injected code opens up two "secret" doors into your site. The first door allows the hacker to create an administrator user named 'woousers'. Since this is an admin user, the hacker will have full access to your site.
The second door is a bit more complex and is essentially a "backup" strategy in case something doesn't work with the first door. The injected code looks for any plugin that is installed on your site but not active (disabled) and then changes that plugin's files to contain malicious code, giving the hacker complete control.
So, how do you prevent this from happening? First, make sure to update your WordPress site. Since this plugin vulnerability was discovered, Tyche Softwares, the creator of Abandoned Cart Lite for WooCommerce, has provided an update to fix this problem.
While the upgrade goes above and beyond and will instantly remove the 'woousers' account if it is in your system, there is still a possibility of infection depending on which 'doors' were created.
Unfortunately, there isn't any way of knowing the number of sites that have been compromised, so the best way to protect against this is to run updates and keep an eye on your website over the next few weeks. If you have backups of your website, we recommend having them ready in case something goes wrong.
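One way to check a site for the two "doors" described above is sketched below. This is an added example, not code from the plugin or its vendor. It assumes a user list in the shape produced by `wp user list --format=json`, a set of active plugin slugs, and a 30-day look-back window; the sample users and plugin folders are constructed.

```python
import json, os, tempfile, time
from pathlib import Path

IOC_LOGIN = "woousers"  # account name reported in the article

def rogue_accounts(users):
    """Return logins matching the reported account name, whatever their role.
    users: list of dicts with a 'user_login' key (assumed export shape)."""
    return [u["user_login"] for u in users
            if u["user_login"].lower() == IOC_LOGIN]

def modified_inactive_plugins(plugins_dir, active_slugs, since_epoch):
    """Return {slug: [php files]} for inactive plugin folders that contain
    PHP files modified after since_epoch. Single-file plugins are skipped."""
    hits = {}
    for entry in sorted(Path(plugins_dir).iterdir()):
        if not entry.is_dir() or entry.name in active_slugs:
            continue
        changed = sorted(str(p.relative_to(entry))
                         for p in entry.rglob("*.php")
                         if p.stat().st_mtime > since_epoch)
        if changed:
            hits[entry.name] = changed
    return hits

def demo():
    # Constructed sample data: two users and three plugin folders.
    users = json.loads(
        '[{"user_login": "shopadmin", "roles": "administrator"},'
        ' {"user_login": "woousers", "roles": "administrator"}]')
    now = time.time()
    with tempfile.TemporaryDirectory() as d:
        for slug, age_days in (("active-shop", 1),
                               ("old-gallery", 1),
                               ("unused-seo", 400)):
            f = Path(d, slug, "main.php")
            f.parent.mkdir()
            f.write_text("<?php // constructed sample\n")
            stamp = now - age_days * 86400
            os.utime(f, (stamp, stamp))
        window = now - 30 * 86400  # assumed look-back window
        return (rogue_accounts(users),
                modified_inactive_plugins(d, {"active-shop"}, window))

if __name__ == "__main__":
    print(demo())
```

Modification times can be reset by whoever changed the files, so a clean result is triage only; `wp plugin verify-checksums --all` compares installed plugin files against the WordPress.org checksums.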
The main key to protecting your website from vulnerabilities is to take backups and run updates regularly.