With over 5Million installs, Woocommerce is by far the most popular e-commerce plugin for WordPress.
There’s a ton of additional customized plugins for the woocommerce plugin itself. Plugins like shipping calculators, marketing, store enhancements and many other ecommerce specific plugins.
Not all of these plugins are maintained or developed by Woocommerce themselves, leaving a greater chance for security vulnerabilities.
The Discount Rules for Woocommerce helps you to create any type of bulk discounts, dynamic pricing, advanced discounts, percentage discounts, product based discounts, tiered discounts for your products.
Vulnerabilities in any plugin is bad, but a vulnerability in a plugin related to e-commerce, where money is exchanged makes them a prime target.
If you are running this plugin please make sure you update to the latest version. Versions 2.2.1 and lower were affected by this specific vulnerability.
Article Excerpt: On August 20, 2020, the Wordfence Threat Intelligence team was made aware of several vulnerabilities that had been patched in Discount Rules for WooCommerce, a WordPress plugin installed on over 40,000 sites.
We released a firewall rule to protect against these vulnerabilities the same day.
During our investigation, we also discovered a separate set of vulnerabilities in the plugin that were not yet patched, and released a firewall rule to protect against these separate vulnerabilities the next day, on August 21, 2020.
Continue Reading the full article: High-Severity Vulnerabilities Patched in Discount Rules for WooCommerce
Additional resources:
https://www.webarxsecurity.com/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin/