
IMPORTANT: YITH WooCommerce Wishlist Protection Added

Jan 17, 2018

Hristo Pandjarov

Today, Sucuri discovered a serious vulnerability in one of the most widely used YITH plugins, WooCommerce Wishlist. The latest plugin version, 2.2.0, patches the vulnerability, but all versions prior to it are at risk. To protect customers who haven’t updated their plugin, our security team started working immediately, and a WAF rule has just been applied on our servers.

We’re very proud of our internal WAF (Web Application Firewall) system, which protects all SiteGround shared and cloud servers. It allows us to dynamically add rules across our network and block hacking attempts. The moment we were notified about the issue with the YITH WooCommerce Wishlist plugin, our security team started working on the case. We came up with a rule that shields you against potential attacks exploiting this vulnerability. Although this does not fix the underlying problem in the plugin, it adds protection against those who try to exploit it. That said, we urge you to update to the latest plugin version, which includes the official patch for this vulnerability.
