Results for ecommerce

Threat Research

Unveiling the Stealthworker Campaign

Given the impact of the Stealthworker Campaign, FortiGuard Labs has continued to monitor this threat to better understand its scale. Learn more about their findings.

By Rommel Joven October 23, 2019

Threat Research

New Stealth Worker Campaign Creates a Multi-platform Army of Brute Forcers

A brute force attack is very resource intensive, but when using the collective processing power of a bot army, like the one used by this StealthWorker campaign, the task can be efficiently distributed for a much higher rate of success.

By Rommel Joven March 06, 2019

Threat Research

WordPress WooCommerce XSS Vulnerability – Hijacking a Customer Account with a Crafted Image

The FortiGuard Labs team recently discovered a Cross-Site Scripting (XSS) vulnerability in WooCommerce. WooCommerce is an open-source eCommerce platform built on WordPress.

By Zhouyuan Yang March 04, 2019

Threat Research

WooCommerce Tax Rates Cross-Site Scripting Vulnerability

WooCommerce is a free eCommerce plugin for WordPress. It has been downloaded over 1 million times and over 30% of all online stores are now powered by WooCommerce. I recently discovered that WooCommerce is vulnerable to a cross-site scripting (XSS) attack. This XSS vulnerability is caused because the WooCommerce tax rates setting incorrectly processes user-supplied data. Remote attackers are tricking WooCommerce administrators into uploading a malicious CSV file that claims to provide required tax rate data for a particular country or region..

By Zhouyuan Yang December 16, 2016