
The WooCommerce Abandoned Cart Lite for WordPress Sites

Are You Using the WordPress Plugin WooCommerce Abandoned Cart Lite?

Australia is no exception to the 20,000 and still growing worldwide downloads of the WordPress plugin called WooCommerce Abandoned Cart Lite. While WordPress quickly took the lead over its competitors Drupal and Joomla, its plugins come with an advantage and a disadvantage. As a plus, they extend a site beyond its default functions. However, they can pose risks to website security if not properly checked. This plugin is useful but weak against cross-site scripting attempts.

How Hackers Take Advantage

The WooCommerce Abandoned Cart Lite plugin lets administrators display all abandoned carts for sales recovery. The add-on also lists the most frequently sold items in the dashboard, which makes it a very useful tool for administrators.

However, hackers also use the same carts to compromise website security. The absence of a cleanup (sanitisation) step creates the opportunity for hackers.

Hackers can inject a JavaScript payload into the carts only on weaker plugin versions. The script runs when an administrator account views the affected carts from the dashboard. The code then creates two backdoor programs via a bit.ly link.

The first backdoor creates a hard-coded new administrator profile. The second backdoor scans the whole WordPress system for a disabled plugin, creates an email address at Mailinator and replicates itself as a backup so that it can re-infect the site if it is discovered.

Attackers get notifications from the second backdoor. With this, attackers can send spam, get through your IT security, infect other PCs and commit other cybercrimes using the website.

The bit.ly links can be hard to recognise as a source of malware, especially if the infected cart is still active and the real administrator still has it on the dashboard. On top of that, other infected abandoned carts may still be waiting for their first click.




What You Can Do to Protect Your Business

Compromised website security may put the company behind its competitors. To protect your website and your business, do the following to delete an unwanted rogue user:

• Remove administrators with ‘woouser’ in the name field.

• Check for and remove profiles with email addresses from Mailinator.

• Update to a version that has a built-in cleanup function (5.2.0 and above, premium and pro versions).

• Recheck the list of authorised administrators and delete any suspicious profile.
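
The checklist above can be run as a script over an exported administrator list. This is an added example, not code from the plugin or from Dorks Delivered; the field names (`user_login`, `display_name`, `user_email`), the sample accounts and the `authorised` set are assumptions, and only the main `mailinator.com` domain is matched.

```python
import json
import re

FIXED_VERSION = (5, 2, 0)  # release the article names as having the cleanup function

# Constructed sample in the shape of an exported administrator list (assumed field names).
SAMPLE_ADMINS = json.loads("""[
  {"user_login": "siteowner",    "display_name": "Site Owner", "user_email": "owner@example.com"},
  {"user_login": "woouser401",   "display_name": "woouser401", "user_email": "woouser401@mailinator.com"},
  {"user_login": "backup_admin", "display_name": "Backup",     "user_email": "ops@example.net"}
]""")


def suspicious_admins(admins, authorised=()):
    """Return [(login, [reasons])] for accounts matching the article's checklist."""
    findings = []
    for user in admins:
        login = str(user.get("user_login", ""))
        names = f"{login} {user.get('display_name', '')}".lower()
        domain = str(user.get("user_email", "")).rpartition("@")[2].lower()
        reasons = []
        if "woouser" in names:
            reasons.append("'woouser' in name")
        # Only the main Mailinator domain is matched; alternate domains are not covered.
        if domain == "mailinator.com" or domain.endswith(".mailinator.com"):
            reasons.append("Mailinator email address")
        if authorised and login not in authorised:
            reasons.append("not on the authorised administrator list")
        if reasons:
            findings.append((login, reasons))
    return findings


def plugin_needs_update(version):
    """True when the installed plugin version is older than 5.2.0."""
    parts = [int(n) for n in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))
    return tuple(parts) < FIXED_VERSION


if __name__ == "__main__":
    for login, reasons in suspicious_admins(SAMPLE_ADMINS, {"siteowner"}):
        print(f"REVIEW {login}: {'; '.join(reasons)}")
    print("update plugin:", plugin_needs_update("5.1.3"))
```

Passing the set of authorised logins also flags administrators that match neither pattern but were never approved, which covers the last item of the checklist.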




The Final Word

The WooCommerce Abandoned Cart Lite plugin has been a tool for both website administrators and attackers. Administrators recover sales, while attackers bypass website security. It may look difficult to fix, but there are solutions. Installing patch updates or a new plugin for an additional cost and keeping a keen eye on administrator details are just some ways to protect your website and prevent the malware from spreading. If you want to learn more about website and IT security solutions, talk to us!

 
