For most of us having a profitable and high converting checkout page is one of the main goals of our WooCommerce sites.
So anytime there’s a plug-in vulnerability on a popular WooCommerce plug-in I want to make sure that I bring it to you as quickly and as efficiently as possible.
As a side note if you’re not on the email list please insert your email, your best email, and get on the list right now.
So this vulnerability is from a very popular WooCommerce plugin. It is called Flexible Checkout Fields for WooCommerce.
Make sure you are running version 2.3.4!
This plugin is installed on over 20,000+ sites. So, please: For the love of all that’s good and holy, make sure you use your Twitter Chirps plus all your Facebook posts to get the word out to everyone!
This is one of those zero-day vulnerability issues. And what that means is that the problem has existed from the beginning of this plugin’s creation. 😕
Which, in this plugin’s case is …. 2014!
Yes, that would be about 6 years ago!
To put that in easy-to-understand terms, you need to immediately update this Plug-In or delete it entirely.
Apparently hackers are using this plugin to inject new fields and scripts into the WooCommerce checkout page. Yes, the checkout page. Your store’s checkout page.
The page where people enter their credit card information!
Users have reported that an additional plug in is also being downloaded. And the interesting part about this is that the plug-in is not downloaded to the plugins folder but rather to the media library. And the downloaded file is called “Woo-Add-To-Carts.zip“
Yes, let’s recap that part again: It’s downloading a .zip file and then putting that .zip file into your media library. If you haven’t looked already, go open your media library right now and search for a file called “Woo-Add-To-Carts” – NOW! Please, for your sake, your business, and for your customers, go look for this file now.
If you are currently not using this plugin, great. But have you ever installed it and used it? Ever? In the history of your site? Have you ever installed and activated it?
If you just had a momentary thought of “HOLY SH!TBALLS BATMAN“,
then you would be correct!
See most folks don’t really keep a changelog of what plugins that they have previously installed in the past and what plugins did they have installed and then deleted as well.
So, again, not to be redundant here folks, but go check your site!
And on top of that, it would appear that new admin accounts are being created as well.
Now let’s stop and think about this for a second. Admin accounts are no joke. That is what enables somebody to do virtually, and literally, anything they want inside of your store.
🤚🛑✋With an admin account to your WooCommerce store anyone can jump in and change the PayPal email address.
🤚🛑✋With an admin account to your WooCommerce store anyone can jump in and change the Stripe.com keys as well.
See why I’m encouraging you to share this post? 😯
If you are currently running this plug-in please go back into your store IMMEDIATELY! Open up your users tab, click on administrators, and see if you have any unknown or suspicious admin users that you do not recognize.
If you would like a more detailed understanding of the plugin, you can read more about the hack, the vulnerability, and how to fix it HERE.