StoreKeeper B.V. StoreKeeper for WooCommerce Vulnerability

CRITICAL (10.0) No Patch (116 days)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.06% chance of exploitation (percentile: 20%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

StoreKeeper for WooCommerce is a WordPress plugin used by some organizations to manage their e-commerce sites. This vulnerability allows attackers to upload malicious files without any restrictions, potentially leading to arbitrary code execution and unauthorized access to sensitive data.

Am I affected?

You're affected if you use a version of StoreKeeper for WooCommerce that contains the Unrestricted Upload of File with Dangerous Type vulnerability. Affected versions: 14.4.4. If you don't recognise this software, you're probably not affected.

Affected Products

StoreKeeper B.V. / StoreKeeper for WooCommerce

How to fix

To fix this vulnerability, upgrade to StoreKeeper for WooCommerce version 14.5.0 or later. If an immediate upgrade isn't possible:

  1. Restrict network access to your WordPress installation (firewall it from the public internet).
  2. Audit plugin activity for suspicious file uploads.
  3. Monitor for unauthorized file creations.
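
One way to carry out steps 2 and 3 on the server's filesystem, as an added example that is not code from StoreKeeper or from this advisory. The directory is passed as an argument; `wp-content/uploads` is the WordPress default upload location and is an assumption about your install, and `find_suspicious_uploads` is a name chosen for this example.

```shell
#!/bin/sh
# Added example: list files under a WordPress content directory that a
# PHP-enabled web server could execute, or that change how files are served.
# Usage: sh audit_uploads.sh /var/www/html/wp-content/uploads [days]
# The path above is an assumption (WordPress default); adjust to your install.

# find_suspicious_uploads DIR [DAYS]
# Prints one path per line, sorted. With DAYS set, only files modified within
# the last DAYS days are reported, which narrows the audit to a time window.
find_suspicious_uploads() {
    dir=$1
    days=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Build the optional time filter as this function's own argument list.
    if [ -n "$days" ]; then
        set -- -mtime "-$days"
    else
        set --
    fi

    # Script extensions (any case), double extensions such as name.php.jpg,
    # and per-directory config files that can alter handler mappings.
    find "$dir" -type f "$@" \( \
        -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
        -o -iname '*.phar' -o -iname '*.pht' \
        -o -iname '*.php.*' \
        -o -name '.htaccess' -o -name '.user.ini' \
    \) -print | sort
}

# Run the scan when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    find_suspicious_uploads "$@"
fi
```

Every hit needs review rather than automatic deletion: some plugins place a placeholder `index.php` or a protective `.htaccess` in upload folders. Running it on a schedule and comparing the output with the previous run shows newly created files.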

You can download the patched version from the StoreKeeper B.V. website: https://storekeeper.com/downloads/
