Episode 125: Critical SQL Injection Vulnerability Patched in WooCommerce

By Mark Maunder.

A critical SQL injection vulnerability was discovered in WooCommerce, the most popular e-Commerce plugin, used by over 5 million WordPress sites. The WordPress.org team pushed a forced security update, ensuring that over 90 versions of WooCommerce were patched. The REvil ransomware gang targeted a zero-day vulnerability in Kaseya, used by many in the banking industry, before going dark. A new SolarWinds zero-day was found in their Serv-U FTP platform. WordPress 5.8 will be released next week with many new features, and it will remove support for Internet Explorer 11. Microsoft released a number of patches, including fixes for 3 zero-day vulnerabilities.
