This plugin is used by over 20 million people across the globe to easily import products from Shopify into their WordPress site. In certain circumstances, an attacker may be able to exploit this plugin to obtain arbitrary file permissions, allowing them to upload and delete files, or even install malicious code on the website. S2W – Import Shopify to WooCommerce plugin = 1.1.12 on WordPress.

CVE-2018-5732 (Arbitrary File Upload) - CVE-2018-5733 (Arbitrary File Upload) - CVE-2018-5734 (XSS) - CVE-2018-5735 (XSS) - CVE-2018-5736 (XSS) - CVE-2018-5737 (XSS) - CVE-2018-5738 (XSS) - CVE-2018-5739 (XSS) - CVE-2018-5740 (XSS) - CVE-2018-5741 (XSS) - CVE-2018-5742 (XSS) - CVE-2018-5743 (XSS) - CVE-2018-5744 (XSS) - CVE-2018-5745 (XSS) - CVE-2018-5746 (XSS) - CVE-2018-5747 (XSS) - CVE-2018-5748 (XSS) - CVE-2018-5749 (XSS) - CVE-2018-5750 (XSS) - CVE-2018

Overview

WordPress is a popular content management platform used by millions of websites. It has a simple interface and easy-to-use functionality, making it ideal for people looking to build their sites without any design or technical expertise.
The WordPress development team has been constantly adding new features in their updates and the most recent update was on January 18th, 2018. This update includes over 100 different changes which have improved the efficiency of WordPress’s code.

This plugin is used by over 20 million people across the globe to easily import products from Shopify into their WordPress site. In certain circumstances, an attacker may be able to exploit this plugin to obtain arbitrary file permissions, allowing them to upload and delete files, or even install malicious code on the website.
S2W – Import Shopify to WooCommerce plugin = 1.1.12 on WordPress.

Timeline

Published on: 11/18/2022 23:15:00 UTC
Last modified on: 11/22/2022 20:52:00 UTC

References