Malicious Access Plugin – Woo-Add-To-Carts

Hi @martapaw

Ive already deleted both plugins. I do not have the system status with the plugin installed.

It is a little bit strange how the plugin did that and woocommerce security even did not noticed!

@martapaw

you take the matter seriously,

In addition to update, please provide a list of steps to get rid of the infection, the infection returns in case someone removes it manually without restoring the backup:

wp-content / uploads / 2020/02 delete woo-add-to-cart.zip
wp-content / plugins delete Woo-Add-To-Carts
deleting administrators
reset all fields in Flexible Checkout Fields

unfortunately you have no idea what you are writing about and dropping on other plugins, asking about the theme. It’s an unprofessional response to an infection.

• This reply was modified 3 years, 3 months ago by emild.

@martapaw sorry but this is not a correct patch. current_user_can will check the permission but not the intention.
To do that, you have to add a nonce token. Without it, it’s now vulnerable to CSRF attack.
Please fix it asap with a WordPress nonce token, https://developer.wordpress.org/reference/functions/wp_verify_nonce/
@nintechnet maybe you should have give a GO for this patch :/

thanks

Hello All,

Thank you for your patience.

Please see our article with the instructions: https://www.wpdesk.net/blog/flexible-checkout-fields-security-issue/ about this issue.

@juliobox thank you. We provided the fastest solution to this issue. Further improvements are made in the background.

Best regards,
Marta