Malicious Access Plugin – Woo-Add-To-Carts

  • Resolved vincenzo1993dg

    (@vincenzo1993dg)


    5 years ago

    Hi,
    We have been using your “Flexible Checkout Fields” plugin for several years.
    This morning we realized that the checkout fields were all “wrong”, that is, there were fields other than those initially set.
    By checking in depth we realized that, by visiting the checkout page, a “Woo-Add-To-Carts” plugin developed by is downloaded which creates users with an administrator role.
    By enabling the diagnostic mode we deactivated all the plugins and reactivated them one by one and we realized that the cause is due to your plugin.
    Now we have uninstalled the “Flexible Checkout Fields” plugin and by visiting the checkout page no plugins are downloaded and no administrator user is generated.

    Can you give us more information?

    Thank you.

Viewing 8 replies - 16 through 23 (of 23 total)
  • emild

    (@emild)

    Very bad, what plugins you write about … since yours was the source of infection.

    There is nothing else – restore backup and update your plugin.

    • This reply was modified 5 years ago by emild.
    mahmoodrezaet

    (@mahmoodrezaet)

    Hi @martapaw

    Ive already deleted both plugins. I do not have the system status with the plugin installed.

    It is a little bit strange how the plugin did that and woocommerce security even did not noticed!

    nicky088

    (@nicky088)

    The problem still occur.
    I’ve activated Flexible Checkout Fields and PRO version, I went to settings, and I’ve got two new users.

    emild

    (@emild)

    @martapaw

    you take the matter seriously,

    In addition to update, please provide a list of steps to get rid of the infection, the infection returns in case someone removes it manually without restoring the backup:

    wp-content / uploads / 2020/02 delete woo-add-to-cart.zip
    wp-content / plugins delete Woo-Add-To-Carts
    deleting administrators
    reset all fields in Flexible Checkout Fields

    unfortunately you have no idea what you are writing about and dropping on other plugins, asking about the theme. It’s an unprofessional response to an infection.

    • This reply was modified 5 years ago by emild.

    Hello All,

    We will publish detailed step-by-step instructions soon. In the meantime, however, in short – if you have a backup before the problem occurred, the best solution would be to restore it + update the Flexible Checkout Fields plugin to version 2.3.2. If not, however, you should reset the settings of each section of the FCF fields, perform an update and check if the “Woo-Add-To-Carts” plug-in by “LinkFlowUsers” or other suspicious ones have been install, if yes, you need to delete them. Then you will need to delete the created additional administrative accounts from the user list level and check if additional files have been placed on the server.

    Best regards,
    Marta

    @martapaw sorry but this is not a correct patch. current_user_can will check the permission but not the intention.
    To do that, you have to add a nonce token. Without it, it’s now vulnerable to CSRF attack.
    Please fix it asap with a WordPress nonce token, https://developer.www.ads-software.com/reference/functions/wp_verify_nonce/
    @nintechnet maybe you should have give a GO for this patch :/

    thanks

    the same case like with latest themegrill vulnerability – no checks on admin-ajax call letting anybody to inject any script into page …

    Hello All,

    Thank you for your patience.

    Please see our article with the instructions: https://www.wpdesk.net/blog/flexible-checkout-fields-security-issue/ about this issue.

    @juliobox thank you. We provided the fastest solution to this issue. Further improvements are made in the background.

    Best regards,
    Marta

Viewing 8 replies - 16 through 23 (of 23 total)
  • The topic ‘Malicious Access Plugin – Woo-Add-To-Carts’ is closed to new replies.