E-commerce sites using the WordPress plugin Discount Rules for WooCommerce are being urged to patch two high-severity cross-site scripting flaws that could allow an attacker to hijack a targeted site. Two earlier fixes for the flaws, the first available on Aug. 22 and the second on Sept. 2, failed to patch the problem.

A third round of patches for the bugs became available to customers on Sept. 9. On Thursday, the Wordfence Threat Intelligence researchers who were tipped off to the vulnerabilities publicly disclosed the flaws and offered a technical analysis.

“We strongly recommend updating to the latest version of this plugin, currently 2.2.1, as soon as possible, since the consequences of a breach on an e-Commerce site can be severe,” wrote researchers at Wordfence.


Stubborn WooCommerce Plugin Bugs Get Third Patch