RCE Vulnerability (CVE-2022-45359) in Yith WooCommerce Gift Cards Plugin Exploited in Attacks


Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), affecting the WordPress plugin YITH WooCommerce Gift Cards Premium.

CVE-2022-45359 Vulnerability

The CVE-2022-45359 vulnerability allows unauthenticated attackers to upload executables to vulnerable e-commerce websites, as well as install backdoors, obtain remote code execution, and take control of the website for further compromise. 

The bug is being weaponized to gain full access to sites running the YITH WooCommerce Gift Cards Premium plugin, WordPress security company Wordfence noted.

According to reports, Wordfence was able to reverse-engineer the exploit using attack data and a copy of the vulnerable plugin, and is now disclosing details about its operation. An unauthenticated request to /wp-admin/admin-post.php causes functions hooked to admin_init to run, because admin_init fires for any page in the /wp-admin/ directory.

The issue was discovered on November 22, 2022, and was addressed with the release of version 3.20.0.

Below are some files uploaded by threat actors in attacks analyzed by Wordfence:

  • kon.php/1tes.php – this file loads a copy of the “marijuana shell” file manager in memory from a remote location (shell[.]prinsh[.]com)
  • b.php – this file is a simple uploader
  • admin.php – this file is a password-protected backdoor

The vulnerability has been exploited in attacks, with the following IP addresses accounting for the vast majority of exploitation attempts: 

  • 103.138.108[.]15 
  • 188.66.0[.]135 
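
For site owners who want to check their own access logs against the file names and IP addresses listed above, the following is an added example, not code from Wordfence or from the plugin. It assumes Apache/nginx common or combined log format, assumes the uploaded files are reachable by name at any path, and treats /wp-admin/admin.php as the legitimate WordPress core file; the rule names and sample log lines are constructed.

```python
import re

# Indicators from the article, kept defanged here and refanged at load time.
EXPLOIT_IPS = {ip.replace("[.]", ".") for ip in ("103.138.108[.]15", "188.66.0[.]135")}
DROPPED_FILES = {"kon.php", "1tes.php", "b.php", "admin.php"}

# Assumed log format: Apache/nginx common or combined (client IP, request line, status).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def triage(lines):
    """Return (line_number, rule) pairs worth reviewing; a hit is a lead, not proof."""
    findings, posted = [], set()
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0].lower()
        if ip in EXPLOIT_IPS:
            findings.append((n, "exploit-ip"))
        if method == "POST" and path.endswith("/wp-admin/admin-post.php"):
            posted.add(ip)  # remember clients that POSTed to the endpoint named above
            continue
        name = path.rsplit("/", 1)[-1]
        # Assumption: /wp-admin/admin.php is WordPress core, so it is never flagged.
        if (name in DROPPED_FILES and status == "200"
                and not path.endswith("/wp-admin/admin.php")):
            findings.append((n, "upload-then-access" if ip in posted else "dropped-file"))
    return findings


# Constructed sample log lines (not real traffic; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges).
SAMPLE = [
    '203.0.113.7 - - [23/Nov/2022:10:00:01 +0000] "GET /shop/ HTTP/1.1" 200 5120',
    '103.138.108.15 - - [23/Nov/2022:10:00:05 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 200 0',
    '103.138.108.15 - - [23/Nov/2022:10:00:09 +0000] "GET /kon.php HTTP/1.1" 200 812',
    '203.0.113.7 - - [23/Nov/2022:10:01:00 +0000] "GET /wp-admin/admin.php?page=wc-settings HTTP/1.1" 200 9000',
    '198.51.100.9 - - [23/Nov/2022:10:02:00 +0000] "GET /b.php HTTP/1.1" 404 0',
    '198.51.100.9 - - [23/Nov/2022:10:02:04 +0000] "GET /admin.php HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for line_no, rule in triage(SAMPLE):
        print(f"line {line_no}: {rule}")
```

A "dropped-file" hit on a short name such as b.php or admin.php can be a legitimate file on some sites, so confirm against the file's contents and modification time before acting on it.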

Mitigation

Users of the WooCommerce Gift Cards plugin must update to version 3.20.0 or higher to avoid the vulnerability. 


About the Author:

FirstHackersNews- Identifies Security
