Thousands of WordPress websites were found using a vulnerability add-on that allows threat actors to take over the site entirely. Researchers uncovered a critical flaw in YITH WooCommerce Gift Cards Premium, an add-on for the website builder providing an interface to build gift cards on WordPress sites, which is reportedly being used by more than 50,000 websites. The flaw itself is an unauthenticated arbitrary file upload vulnerability, allowing crooks, among other things, to upload web shells and gain full access to the target website.
…
Read more