A brute force attack is very resource-intensive, but when it draws on the collective processing power of a bot army, like the one used by this StealthWorker campaign, the task can be efficiently distributed for a much higher rate of success.
The FortiGuard Labs team recently discovered a Cross-Site Scripting (XSS) vulnerability in WooCommerce. WooCommerce is an open-source eCommerce platform built on WordPress.
WooCommerce is a free eCommerce plugin for WordPress. It has been downloaded over 1 million times and over 30% of all online stores are now powered by WooCommerce. I recently discovered that WooCommerce is vulnerable to a cross-site scripting (XSS) attack. This XSS vulnerability exists because the WooCommerce tax rates setting incorrectly processes user-supplied data. Remote attackers are tricking WooCommerce administrators into uploading a malicious CSV file that claims to provide required tax rate data for a particular country or region.
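A check an administrator can run on a tax-rate CSV before uploading it, written as an added example and not taken from WooCommerce or the original post. The column names and sample rows are constructed, and since the text above does not say which column is affected, every cell is scanned.

```python
import csv
import html
import io
import re

# Tax-rate data is codes, numbers and short names. Angle brackets, inline
# event handlers and javascript: URLs have no legitimate use in it.
SUSPICIOUS = re.compile(r"[<>]|javascript:|\bon\w+\s*=", re.IGNORECASE)


def scan_tax_csv(text):
    """Return (row_number, column, value) for every cell that looks like markup."""
    findings = []
    reader = csv.DictReader(io.StringIO(text))
    for row_number, row in enumerate(reader, start=2):  # row 1 is the header
        for column, value in row.items():
            # Extra cells beyond the header arrive as a list under key None.
            cells = value if isinstance(value, list) else [value]
            for cell in cells:
                if cell and SUSPICIOUS.search(cell):
                    findings.append((row_number, column, cell))
    return findings


def render_cell(value):
    """Escape an imported value before placing it into an HTML page."""
    return html.escape(value, quote=True)


# Constructed sample: assumed column names; the second data row carries markup.
SAMPLE = (
    "Country Code,State Code,Rate %,Tax Name\n"
    "US,CA,7.2500,State Tax\n"
    'GB,,20.0000,"VAT<script>alert(1)</script>"\n'
)

if __name__ == "__main__":
    for row_number, column, cell in scan_tax_csv(SAMPLE):
        print(f"row {row_number}, column {column!r}: {cell!r}")
        print("  rendered safely as:", render_cell(cell))
```

A file that produces any finding should be rejected rather than cleaned up by hand; escaping at render time, as in `render_cell`, is the control that still holds if a bad value gets stored.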