WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
Stay secure with the latest e-commerce cybersecurity trends, news, and tips to protect your online business from cyber threats.
Search across headline titles and summaries.
Background for this topic.
E-commerce is the online sale of goods or services through storefronts, marketplaces, mobile apps, and supporting payment and fulfilment systems. Its important assets include customer identities and addresses, payment data or payment tokens, order records, pricing, and account credentials. Availability and transaction integrity matter alongside confidentiality: customers must be able to place orders, and prices, inventory, and delivery details must not be altered improperly.
Security concerns span public websites and APIs, account takeover and payment fraud, vulnerable third-party components, and integrations with payment, logistics, and marketing providers. TLS protects communications, while strong authentication, secure session handling, input validation, patching, and monitoring help protect accounts and transactions. Payment-card environments may fall under PCI DSS; privacy obligations also govern personal data. E-commerce operators need tested controls for detecting fraud, limiting access, preserving audit records, and responding when systems or transaction data are compromised.
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.