A critical security vulnerability in the WooCommerce e-commerce platform and a related plugin has been under attack as a zero-day bug, researchers have disclosed. The vulnerability allows unauthenticated cyberattackers to make off with scads of information from an online store s database anything from customer data and payment-card info to employee credentials. The bug (CVE pending) was originally reported by Josh Ledford of Richmond, Va.-based Development Operations Security (DOS), with disclosure coordination help from HackerOne security researcher Thomas DeVoss (dawgyg)
Source: https://threatpost.com/zero-day-attacks-woocommerce-databases/167846/