Possible WC cart exploit via Ajax

  • Hi all,

    Have raised this with Woothemes,but have noticed a potential black hat SEO exploit of WC. Not sure of the vector but it’s manifesting itself with URLs like this

    domain.com/index.php?/earnmoneyonlineforfree/988/trading-education.&forex=4&catid=988

    I am running WordFence (premium), Worpdrive’s Simple Firewall. I had Revslider active (latest version) but have since removed. WP admin and includes folders cleansed and wp config and includes hardened.

    No idea how this is still manifesting, here’s some CDATA
    /* <![CDATA[ */
    var wc_add_to_cart_params = {“ajax_url”:”\/wp-admin\/admin-ajax.php”,”wc_ajax_url”:”\/index.php?\/earnmoneyonlineforfree\/988\/trading-education_&forex=4&catid=988&wc-ajax=%%endpoint%%”,”i18n_view_cart”:”View Cart”,”cart_url”:”http:\/\/domain.com\/cart\/”,”is_cart”:””,”cart_redirect_after_add”:”no”};
    /* ]]> */

    Apologies if posting this is poor etiquette pls feel free to remove.

    https://www.ads-software.com/plugins/woocommerce/

  • The topic ‘Possible WC cart exploit via Ajax’ is closed to new replies.