A Facebook plugin built for a major e-commerce platform is reported to have a vulnerability that lets threat actors steal customers' credit card details and, ultimately, their money.
Security researchers at Friends-of-Presta have warned about a SQL injection vulnerability in pkfacebook, stating that they observed the flaw being abused in the wild.
Pkfacebook is a plugin for PrestaShop, an open source e-commerce platform that lets individuals and businesses create and manage their online stores. The plugin lets shoppers register and log in with their Facebook accounts, leave feedback on purchased items, and contact customer service.
Assume that we are all vulnerable
Friends-of-Presta is a community of software developers, integrators, agencies and publishers. According to their findings, and those of cybersecurity researchers at TouchWeb, the SQL injection flaw is tracked as CVE-2024-36680. Attackers are abusing it to install credit card skimmers on vulnerable websites, allowing them to steal payment information.
Promokit, the company that develops and maintains the Facebook plugin, says it fixed the flaw "a long time ago" but, as BleepingComputer notes, the company did not provide any evidence for that claim. Around 300,000 online stores currently use PrestaShop, but it is impossible to determine how many of them are vulnerable at this time.
Friends-of-Presta believes that all users should consider themselves vulnerable and should do the following:
Update pkfacebook, make sure they use pSQL to avoid stored
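As an added illustration of what that pSQL advice means in practice (this is not code from pkfacebook, Promokit or Friends-of-Presta, and it says nothing about where the real flaw sits), the hypothetical PrestaShop module class below shows a query built by string concatenation next to the same query hardened the way PrestaShop's coding guidelines expect. It assumes it runs inside PrestaShop, which provides Db::getInstance(), Tools::getValue(), pSQL() and the _DB_PREFIX_ constant; the table name fb_review and its columns are invented for the example.

```php
<?php
// Added example, not pkfacebook's real source. Assumes the PrestaShop
// framework is loaded: Db::getInstance(), Tools::getValue(), pSQL() and
// _DB_PREFIX_ come from PrestaShop. Table/column names are made up.

class ExampleFbReviews
{
    // BEFORE: request parameters are concatenated straight into SQL.
    // A quote character in fb_uid ends the string literal early and the
    // rest of the value is parsed as SQL; a non-numeric id_product does
    // the same without even needing a quote, because that position is
    // unquoted.
    public static function lookupUnsafe()
    {
        $idProduct = Tools::getValue('id_product');
        $fbUid     = Tools::getValue('fb_uid');

        $sql = 'SELECT comment FROM `' . _DB_PREFIX_ . 'fb_review`'
             . ' WHERE id_product = ' . $idProduct
             . " AND fb_uid = '" . $fbUid . "'";

        return Db::getInstance()->executeS($sql);
    }

    // AFTER: numeric input is cast to int, string input goes through
    // pSQL(), which escapes it for use inside a quoted SQL literal.
    // Note that pSQL() only helps inside quotes; for the unquoted
    // id_product position the (int) cast is what closes the hole.
    public static function lookupSafe()
    {
        $idProduct = (int) Tools::getValue('id_product');
        $fbUid     = pSQL(Tools::getValue('fb_uid'));

        $sql = 'SELECT comment FROM `' . _DB_PREFIX_ . 'fb_review`'
             . ' WHERE id_product = ' . (int) $idProduct
             . " AND fb_uid = '" . $fbUid . "'";

        return Db::getInstance()->executeS($sql);
    }

    // Writes follow the same rules. Db::insert() quotes the values it is
    // given but does not escape them, so every string still goes through
    // pSQL() and every number is cast before it reaches the query.
    public static function saveReview($idProduct, $fbUid, $comment)
    {
        return Db::getInstance()->insert('fb_review', array(
            'id_product' => (int) $idProduct,
            'fb_uid'     => pSQL($fbUid),
            'comment'    => pSQL($comment),
        ));
    }
}
```

The practical check when auditing a module is to grep for `executeS(`, `execute(`, `getRow(` and `getValue(` calls on `Db::getInstance()` and confirm that every variable spliced into the SQL string is either cast to a numeric type or wrapped in pSQL() inside quotes; a raw Tools::getValue() result reaching the query string is the pattern to fix.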
Breaking into vulnerable e-commerce sites to steal customers' credit card data is a popular form of cybercrime. Magecart was, at its peak, by far the most prolific and disruptive credit card theft operation out there. While the group has kept a low profile lately, security researchers at Malwarebytes found activity that could be linked to it in May 2023.