A vulnerability in a WordPress plugin

29.06.2020

Back to news

Magecart JavaScript code was put into the EXIF metadata of images by hackers – the code was then executed by the stores which got impacted. Malwarebytes research claims that fraud based on hiding credit card skimmers in image format files is a rare one.

The researchers were going to take the exploit analysed by them for a version of a favicon scam, but this one appeared to be radically different. WooCommerce plugin used by WordPress gave way to the malicious code.

JavaScript makes it possible to compromise practically any platform and gadget due to its popularity and omnipresence. This time the loaded code devoured names, addresses and credit card details.