Security Links
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code "1234" and authenticate as any user, including administrators.

TechRepublic Security Articles

The TechRepublic team has one simple goal; helping you make great decisions about technology. From breaking IT news to best practices, advice, and how-tos…our global team of tech journalists, industry analysts and real-world IT professionals has the tech market covered like no other site.

Visit Website