Recently there seems to have been a surge in spam WooCommerce orders. They all seem to follow a similar pattern of:
- 74 Eastbourne Rd
They seem to use a random fake email address from the domain abbuzz.com
This seems to be a widespread issue, with a huge (now locked) thread on .org: https://wordpress.org/support/topic/failed-orders-fake-information/
In this thread, users have identified that it appears to be a bot looking for some specific vulnerabilities in the following plugins:
- Drag and Drop multiple file upload for Contact Form 7
- Super Store Finder
- Super Interactive Maps
- Super Logo Showcase
- WP File Manager
It also attempts to upgrade the WordPress database. If you have any of the above plugins, we’d suggest updating or removing them immediately. It’s also a good opportunity to make sure all other plugins, themes and WordPress core are up to date, and that you have a good backup routine in place.
The bot also creates a series of usernames; it’s probably best to delete these along with the spam orders.
How can we fight this?
Not much is known about this attack yet, but a simple plugin has been made to stop these orders:
The plugin is quite basic: it uses a simple filter to block the known name and email address domain used by the bot from registration. Whilst this seems like a good short-term solution, we hope that the WooCommerce team will step up to provide a better long-term solution.
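As an added illustration of that filter approach (this is not the plugin referred to above, nor WooCommerce’s own code), here is a small WordPress snippet that rejects the abbuzz.com domain both at account registration and at checkout. The hook names are real WordPress/WooCommerce hooks; the function and constant names are ours.

```php
<?php
/**
 * Plugin Name: Block Known Spam Order Domain (example)
 * Description: Added example, not the plugin mentioned in the post. Rejects
 * registrations and checkouts whose email domain is on a small blocklist.
 */

// Domain seen in the spam orders described above; extend the list as needed.
const SPAM_ORDER_EMAIL_DOMAINS = array( 'abbuzz.com' );

/**
 * Return true when the address's domain (case-insensitive) is blocklisted.
 */
function spam_order_email_is_blocked( $email ) {
    $at = strrpos( (string) $email, '@' );
    if ( false === $at ) {
        return false; // malformed address: leave it to normal validation
    }
    $domain = strtolower( substr( $email, $at + 1 ) );
    return in_array( $domain, SPAM_ORDER_EMAIL_DOMAINS, true );
}

// Account registration: WooCommerce "My account" form and WP core wp-login.php.
// Both filters pass ( WP_Error $errors, $username, $email ).
function spam_order_block_registration( $errors, $username, $email ) {
    if ( spam_order_email_is_blocked( $email ) ) {
        $errors->add( 'spam_email_domain', 'Registration with this email address is not allowed.' );
    }
    return $errors;
}
add_filter( 'woocommerce_registration_errors', 'spam_order_block_registration', 10, 3 );
add_filter( 'registration_errors', 'spam_order_block_registration', 10, 3 );

// Checkout: guest orders never reach the registration filters, so validate here too.
// $data holds the posted checkout fields, $errors is a WP_Error.
function spam_order_block_checkout( $data, $errors ) {
    if ( ! empty( $data['billing_email'] ) && spam_order_email_is_blocked( $data['billing_email'] ) ) {
        $errors->add( 'spam_email_domain', 'Please use a different email address.' );
    }
}
add_action( 'woocommerce_after_checkout_validation', 'spam_order_block_checkout', 10, 2 );
```

Dropping this file into `wp-content/mu-plugins/` loads it on every request without activation; any error added to `$errors` causes WordPress or WooCommerce to reject the submission and show the message.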
Have you been affected by this? Let us know in the comments.