{"id":6668,"date":"2023-03-25T05:38:20","date_gmt":"2023-03-25T05:38:20","guid":{"rendered":"https:\/\/musilda.cz\/?p=6668"},"modified":"2023-03-25T05:38:20","modified_gmt":"2023-03-25T05:38:20","slug":"woocommerce-payments-plugin-obsahuje-kritickou-zranitelnost","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/woocommerce-payments-plugin-obsahuje-kritickou-zranitelnost\/","title":{"rendered":"WooCommerce Payments Plugin Contains a Critical Vulnerability"},"content":{"rendered":"\n

WooCommerce Payments, a plugin that lets WooCommerce store owners accept credit and debit card payments and manage transactions from inside the WordPress admin, has patched an Authentication Bypass and Privilege Escalation vulnerability with a CVSS score of 9.8 (Critical). The plugin is active on more than 500,000 websites.<\/p>\n\n\n\n

Beau Lebens, head of engineering at WooCommerce, today published an advisory about the vulnerability, which he says “could, if exploited, allow unauthorized administrator access to affected stores”. It was discovered by a security researcher taking part in WooCommerce's HackerOne program.<\/p>\n\n\n\n

WooCommerce worked with WordPress.org to push a forced update of sites running WooCommerce Payments versions 4.8.0 through 5.6.1 to patched versions. Many store owners keep automatic updates turned off so that they can test before updating; those sites did not receive the forced update. Now that the vulnerability has been disclosed, every store running version 4.8.0 or later of the plugin must update manually as soon as possible. WooCommerce sites hosted on WordPress.com, Pressable and WPVIP have already been patched.<\/p>\n\n\n\n

At this time WooCommerce has no evidence that the vulnerability has been exploited, but the plugin's engineers recommend checking the site for unexpectedly added administrator users or posts. The advisory contains further details on what to do if you believe your site has been compromised. As a precaution, WooCommerce has temporarily disabled the WooPay beta program, because the vulnerability affects this new checkout service, which was in beta testing.<\/p>\n","protected":false},"excerpt":{"rendered":"

WooCommerce Payments, a plugin that lets WooCommerce store owners accept credit and debit card payments and manage transactions from inside the WordPress admin, has patched an Authentication Bypass and Privilege Escalation vulnerability with a CVSS score of 9.8 (Critical). The plugin is active on more than 500,000 websites. Beau Lebens, head of engineering at WooCommerce, today published an advisory about the vulnerability, which<\/p>\n","protected":false},"author":1,"featured_media":8732,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[425],"class_list":["post-6668","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu","tag-woocommerce"],"_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/6668"}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=6668"}],"version-history":[{"count":0,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/6668\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/8732"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=6668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=6668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=6668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
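The post above asks store owners to do two things: confirm the installed WooCommerce Payments build is outside the affected 4.8.0 to 5.6.1 range, and look for administrator accounts they did not create. The following Python is an added example written for this page; it is not code from WooCommerce, from the advisory, or from the original article. It assumes the output shapes of two WP-CLI commands: `wp plugin get woocommerce-payments --field=version` printing the bare version string, and `wp user list --role=administrator --format=json` printing objects with `ID`, `user_login`, `display_name`, `user_email`, `user_registered` and `roles` fields. The plugin slug, those field names, the allowlist of known admins and the sample accounts are assumptions or constructed data, not taken from any real site.

```python
"""Post-disclosure triage for the WooCommerce Payments issue summarised above.

Added example, not WooCommerce's code.  Two checks the advisory asks for:
  1. is the installed plugin version inside the affected range 4.8.0..5.6.1?
  2. are there administrator accounts the owner did not create, or accounts
     registered while the vulnerable version was live on the site?

ASSUMED input shapes (WP-CLI):
  wp plugin get woocommerce-payments --field=version    -> "5.6.1"
  wp user list --role=administrator --format=json        -> list of objects with
      ID, user_login, display_name, user_email, user_registered, roles
The sample data at the bottom is constructed for this example.
"""
import json
import re
from datetime import datetime

# Affected range as stated in the post above; both ends inclusive.
AFFECTED_MIN = "4.8.0"
AFFECTED_MAX = "5.6.1"


def parse_version(ver: str) -> tuple:
    """'5.6.1' or '5.6.1-beta2' -> (5, 6, 1); '5.6' is padded to (5, 6, 0)
    so that plain tuple comparison orders versions numerically."""
    core = re.split(r"[-+]", ver.strip(), maxsplit=1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(installed: str) -> bool:
    """True when the installed version still falls inside the affected range."""
    v = parse_version(installed)
    return parse_version(AFFECTED_MIN) <= v <= parse_version(AFFECTED_MAX)


def unexpected_admins(wp_user_list_json: str, known_admin_logins, since: str):
    """Return [(login, reason), ...] for administrator accounts that are either
    missing from the owner's allowlist or registered on/after `since`
    (YYYY-MM-DD, the earliest day the vulnerable version could have been live).
    Non-administrator rows are ignored, so unfiltered `wp user list` output works too."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    known = {login.lower() for login in known_admin_logins}
    flagged = []
    for user in json.loads(wp_user_list_json):
        # WP-CLI emits roles as a comma-separated string, e.g. "administrator,shop_manager".
        roles = {r.strip() for r in str(user.get("roles", "")).split(",")}
        if "administrator" not in roles:
            continue
        login = user["user_login"]
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if login.lower() not in known:
            reasons.append("not on allowlist")
        if registered >= cutoff:
            reasons.append("registered on/after " + since)
        if reasons:
            flagged.append((login, "; ".join(reasons)))
    return flagged


def triage(installed_version: str, wp_user_list_json: str, known_admin_logins, since: str) -> dict:
    """Bundle both checks into one report for the operator."""
    return {
        "version_affected": is_affected(installed_version),
        "suspicious_admins": unexpected_admins(wp_user_list_json, known_admin_logins, since),
    }


# --- constructed sample data, standing in for the two WP-CLI outputs -----------
SAMPLE_PLUGIN_VERSION = "5.6.1"          # hypothetical: still on the last affected build
KNOWN_ADMINS = ["shopowner"]              # hypothetical allowlist kept by the store owner
SAMPLE_USER_LIST = json.dumps([
    {"ID": 1, "user_login": "shopowner", "display_name": "Shop Owner",
     "user_email": "owner@example.com", "user_registered": "2021-05-02 09:14:33",
     "roles": "administrator"},
    {"ID": 2, "user_login": "editor1", "display_name": "Editor",
     "user_email": "editor@example.com", "user_registered": "2022-01-10 11:02:51",
     "roles": "editor"},
    {"ID": 57, "user_login": "wpsupport", "display_name": "wpsupport",
     "user_email": "wpsupport@example.net", "user_registered": "2023-03-21 03:47:10",
     "roles": "administrator"},
])

if __name__ == "__main__":
    report = triage(SAMPLE_PLUGIN_VERSION, SAMPLE_USER_LIST, KNOWN_ADMINS, since="2023-03-01")
    print("plugin version in affected range:", report["version_affected"])
    for login, reason in report["suspicious_admins"]:
        print(f"review admin account {login!r}: {reason}")
```

In practice you would capture the two WP-CLI outputs to files on the host and feed them to `triage()` in place of the constructed samples. A flagged account is a prompt to follow the advisory's compromise guidance, not proof of a break-in; an account that is on the allowlist but registered inside the window is still reported, because an allowlist written after the fact can legitimise an attacker's account by accident.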