Results for ecommerce

Threat Research

New Stealth Worker Campaign Creates a Multi-platform Army of Brute Forcers

A brute force attack is very resource intensive, but when using the collective processing power of a bot army, like the one used by this StealthWorker campaign, the task can be efficiently distributed for a much higher rate of success.

By Rommel Joven, March 06, 2019

Threat Research

WordPress WooCommerce XSS Vulnerability – Hijacking a Customer Account with a Crafted Image

The FortiGuard Labs team recently discovered a Cross-Site Scripting (XSS) vulnerability in WooCommerce. WooCommerce is an open-source eCommerce platform built on WordPress.

By Zhouyuan Yang, March 04, 2019

Threat Research

WooCommerce Tax Rates Cross-Site Scripting Vulnerability

WooCommerce is a free eCommerce plugin for WordPress. It has been downloaded over 1 million times and over 30% of all online stores are now powered by WooCommerce. I recently discovered that WooCommerce is vulnerable to a cross-site scripting (XSS) attack. This XSS vulnerability is caused because the WooCommerce tax rates setting incorrectly processes user-supplied data. Remote attackers are tricking WooCommerce administrators into uploading a malicious CSV file that claims to provide required tax rate data for a particular country or region.

By Zhouyuan Yang, December 16, 2016