Bleeping Computer

Carding tool abusing WooCommerce API downloaded 34K times on PyPI

A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source ...
Searchenginejournal.com

WordPress WooCommerce Payments Plugin Vulnerability

Automattic, publishers of the WooCommerce plugin, announced the discovery and patch of a critical vulnerability in the WooCommerce Payments plugin. The vulnerability allows an attacker to gain ...
Bleeping Computer

WordPress force patching WooCommerce plugin with 500K installs

Automattic, the company behind the WordPress content management system, is force installing a security update on hundreds of thousands of websites running the highly popular WooCommerce Payments for ...
Dark Reading

Attackers Pummel Millions of Websites via Critical WooCommerce Payments Flaw

Attackers have been exploiting a critical flaw in the WordPress WooCommerce Payments plug-in in a spate of attacks over the last few days that peaked at 1.3 million attempts against 157,000 sites on ...