Are You Using WordPress Plugin WooCommerce Abandoned Cart Lite?
Australia is no exception to the 20,000 and still growing worldwide downloads of the WordPress plugin called WooCommerce Abandoned Cart Lite. While WordPress quickly took the lead over its competitors Drupal and Joomla, its plugins come with both an advantage and a disadvantage. On the plus side, plugins extend the platform well beyond its default functions. However, they can pose a risk to website security if not properly checked. This plugin is useful, but weak against cross-site scripting attempts.
How Hackers Take Advantage
The WooCommerce Abandoned Cart Lite plugin allows administrators to display all deserted carts for sales recovery. The add-on also lists the most frequently sold items on the dashboard, which makes it a very useful tool for administrators.
However, hackers use those same carts to compromise website security. The absence of a cleanup (sanitisation) step on the cart data creates the opportunity for hackers.
Only on vulnerable plugin versions can hackers inject a JavaScript payload into the carts and get through the website security. The script runs when an administrator account views the affected carts from the dashboard. The code then carries out tasks to create two backdoor programs via a bit.ly link.
The first backdoor creates a new administrator profile with hard-coded details. The second backdoor scans the whole WordPress installation for a disabled plugin, creates an email address at Mailinator and replicates itself as a back-up, in case the first copy is discovered, so that it can re-infect the site.
Attackers receive notifications from the second backdoor. With this foothold, attackers can send spam, get through your IT security, infect other PCs and commit other cybercrimes using the website.
The bit.ly links can be hard to distinguish as a source of malware, especially if the infected cart is still active and the real administrator still has it on the dashboard. Not to mention the other infected abandoned carts waiting to be opened for the first time.
What You Can Do to Protect Your Business
Compromised website security may put the company behind its competitors. To protect your website and your business, do the following to delete an unwanted rogue user:
• Remove administrators with ‘woouser’ in the name field.
• Check for and remove profiles with email addresses from Mailinator.
• Update to a version that has a built-in cleanup function (5.2.0 or above, or the premium and pro versions).
• Re-check the list of authorised administrators and delete any suspicious profile.
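The first two checks in the list above can be automated against an export of the site's user accounts. The following is an added example (not code from the plugin or from this article); the field names and the single Mailinator domain it matches on are assumptions, and the sample accounts are constructed.

```python
import re

# Indicators taken from the remediation steps: 'woouser' in the name field
# and Mailinator e-mail addresses. Only Mailinator's main domain is assumed.
NAME_INDICATOR = re.compile(r"woouser", re.IGNORECASE)
THROWAWAY_DOMAINS = {"mailinator.com"}

# Constructed sample export of user accounts (field names are assumptions,
# modelled loosely on wp_users plus the role stored in wp_usermeta).
SAMPLE_USERS = [
    {"user_login": "admin", "display_name": "Site Owner", "user_email": "owner@example.com", "role": "administrator"},
    {"user_login": "woouser", "display_name": "woouser", "user_email": "wooadmin@mailinator.com", "role": "administrator"},
    {"user_login": "editor1", "display_name": "Jane", "user_email": "jane@example.com", "role": "editor"},
    {"user_login": "support", "display_name": "Support", "user_email": "x@MAILINATOR.COM", "role": "administrator"},
    {"user_login": "shopper", "display_name": "WooUser Test", "user_email": "s@example.org", "role": "customer"},
]


def email_domain(address):
    """Return the lower-cased domain part of an e-mail address, or '' if malformed."""
    _, sep, domain = address.rpartition("@")
    return domain.lower() if sep else ""


def flag_user(user):
    """Return the list of indicators a single account matches (empty if clean)."""
    reasons = []
    name_fields = (user.get("user_login", ""), user.get("display_name", ""))
    if any(NAME_INDICATOR.search(field) for field in name_fields):
        reasons.append("name contains 'woouser'")
    if email_domain(user.get("user_email", "")) in THROWAWAY_DOMAINS:
        reasons.append("Mailinator e-mail address")
    return reasons


def find_rogue_accounts(users, admins_only=True):
    """Return {user_login: [reasons]} for accounts matching any indicator.

    admins_only=True restricts the check to administrators, as the first
    remediation step does; pass False to review every account on the site.
    """
    flagged = {}
    for user in users:
        if admins_only and user.get("role") != "administrator":
            continue
        reasons = flag_user(user)
        if reasons:
            flagged[user["user_login"]] = reasons
    return flagged


if __name__ == "__main__":
    for login, reasons in find_rogue_accounts(SAMPLE_USERS).items():
        print(f"{login}: {'; '.join(reasons)}")
```

Any account this flags should be reviewed against the list of authorised administrators before removal, since a legitimate user could coincidentally match an indicator.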
The Final Word
The WooCommerce Abandoned Cart Lite plugin has been a tool for both website administrators and attackers. Administrators recover sales, while attackers bypass website security. It may look difficult to fix, but there are solutions. Installing patch updates or a new plugin for an additional cost, and keeping a keen eye on administrator details, are just some of the ways to protect your website and prevent the malware from spreading. If you want to learn more about website and IT security solutions, talk to us!