Popular Plugin for WooCommerce Patches Vulnerability

Posted by

The Popular WooCommerce Booster plugin patched a Reflected Cross-Site Scripting vulnerability, impacting up to 70,000+ sites using the plugin.

Booster for WooCommerce Vulnerability

Booster for WooCommerce is a popular all-in-one WordPress plugin that uses over 100 functions for tailoring WooCommerce stores.

The modular package uses all of the most important functionalities needed to run an ecommerce shop such as a customized payment gateways, shopping cart personalization, and personalized rate labels and buttons.

Reflected Cross Site Scripting (XSS)

A reflected cross-site scripting vulnerability on WordPress typically takes place when an input expects something particular (like an image upload or text) however permits other inputs, consisting of harmful scripts.

An assailant can then carry out scripts on a website visitor’s internet browser.

If the user is an admin then there can be a capacity for the aggressor taking the admin qualifications and taking control of the site.

The non-profit Open Web Application Security Job (OWASP) explains this sort of vulnerability:

“Shown attacks are those where the injected script is shown off the web server, such as in a mistake message, search engine result, or any other action that includes some or all of the input sent out to the server as part of the request.

Reflected attacks are delivered to victims through another path, such as in an e-mail message, or on some other website.

… XSS can trigger a range of issues for completion user that vary in seriousness from an inconvenience to finish account compromise.”

As of this time the vulnerability has actually not been designated a severity score.

This is the main description of the vulnerability by the U.S. Government National Vulnerability Database:

“The Booster for WooCommerce WordPress plugin prior to 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not leave some URLs and specifications before outputting them back in characteristics, causing Shown Cross-Site Scripting.”

What that suggests is that the vulnerability involves a failure to “get away some URLs,” which suggests to encode them in unique characters (called ASCII).

Leaving URLs indicates encoding URLs in an expected format. So if a URL with a blank space is come across a site may encoded that URL using the ASCII characters “%20” to represent the encoded blank space.

It’s this failure to correctly encode URLs which enables an opponent to input something else, presumably a destructive script although it might be something else like a redirection to destructive website.

Changelog Records Vulnerabilities

The plugins official log of software updates (called a Changelog) makes reference to a Cross Website Demand Forgery vulnerability.

The free Booster for WooCommerce plugin changelog consists of the following notation for variation 6.0.1:

“FIXED– EMAILS & MISC.– General– Fixed CSRF issue for Booster User Roles Changer.

REPAIRED– Included Security vulnerability fixes.”

Users of the plugin ought to think about upgrading to the really most current variation of the plugin.

Citations

Check out the advisory at the U.S. Government National Vulnerability Database

CVE-2022-4227 Detail

Read a summary of the vulnerability at the WPScan site

Booster for WooCommerce– Reflected Cross-Site Scripting

Included image by SMM Panel/Asier Romero