YITH WooCommerce Wishlist Protection Added


Тoday, a serious vulnerability issue with one of the vastly used Yith plugins - the WooCommerce Wishlist was discovered by Sucuri. The latest plugin version - 2.2.0 patches the vulnerability but all versions prior to it are at risk. To protect our customers, who haven't updated their plugin, our security team started working immediately and a WAF rule was just applied on our servers.

We’re very proud of our internal WAF (Web Application Firewall) system that protects all SiteGround shared and cloud servers. It allows us to dynamically add different rules across our network and block hacking attempts. The moment we got notified about the issue with YITH WooCommerce Wishlist plugin, our security team started working on the case. We’ve managed to come up with a rule, that shields you against potential attacks utilizing this vulnerability. Although this does not patch the problem in its core, we’ve added protection against those, who try to utilize it. This said, we urge you to update to the latest plugin version, which includes the official patch for this vulnerability.

Product Development - Technical

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

7 Comments

  1. Reply January 19, 2018 / 11:22 AlekseySiteGround Team

    Thanks for your work guys! You, being so proactive, gives me a great feeling of being protected by my hosting company!

  2. Reply January 24, 2018 / 00:16 AdamSiteGround Team

    Thank you Siteground! Don't know what I'd do without you guys haha

  3. Reply January 24, 2018 / 10:58 BrianSiteGround Team

    This is great! I just recently started using a YITH plugin so I'm going to start researching its security...

  4. Reply January 26, 2018 / 02:23 TomaszSiteGround Team

    Wow, excellent, and good you communicate it directly on the dashboard, otherwise i wouldn't see it. THX Siteground!

  5. Reply January 27, 2018 / 04:36 Paul MorganSiteGround Team

    I came from Fashosts to Siteground, the difference between the two companies is astonishing. So glad I made the move. After constant hosting errors to a fast loading website. Now I see your firewall precautions for all your hosts, this was never part of my Fasthost account.
    I feel my websites are so much safer now, huge thanks.

  6. Reply March 12, 2018 / 15:21 Mirco BSiteGround Team

    What about the dedicates? Only shared / cloud are patched?

    • Reply March 13, 2018 / 07:26 Hristo PandjarovSiteGround Team

      On dedicated servers we don't have our WAF installed since the majorify of our customers have custom setups there.

Reply

* (Required)