The popular Booster for WooCommerce plugin patched a Reflected Cross-Site Scripting vulnerability, affecting approximately 70,000+ sites using the plugin.
Booster for WooCommerce Vulnerability
Booster for WooCommerce is a popular all-in-one WordPress plugin that offers over 100 functions for tailoring WooCommerce stores.
The modular bundle provides the most important functionality needed to run an ecommerce store, such as custom payment gateways, shopping cart customization, and customized price labels and buttons.
Reflected Cross Site Scripting (XSS)
A reflected cross-site scripting vulnerability on WordPress generally happens when an input expects something specific (like an image upload or text) but allows other inputs, including malicious scripts.
An attacker can then execute scripts in a site visitor's browser.
If the user is an admin, then there is the potential for the attacker to steal the admin credentials and take control of the site.
The non-profit Open Web Application Security Project (OWASP) describes this kind of vulnerability:
“Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search results page, or any other reaction that includes some or all of the input sent to the server as part of the request.
Reflected attacks are delivered to victims through another route, such as in an e-mail message, or on some other site.
… XSS can cause a range of problems for the end user that range in seriousness from an inconvenience to complete account compromise.”
As of this time the vulnerability has not been assigned a severity score.
This is the official description of the vulnerability by the U.S. Government National Vulnerability Database:
“The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and specifications before outputting them back in attributes, resulting in Reflected Cross-Site Scripting.”
What that means is that the vulnerability involves a failure to “escape some URLs,” which means to encode them in special characters (called ASCII).
Escaping URLs means encoding URLs in an expected format. So if a URL with a blank space is encountered, a site may encode that URL using the ASCII characters “%20” to represent the encoded blank space.
It's this failure to properly encode URLs that allows an attacker to input something else, presumably a malicious script, although it could be something else such as a redirection to a malicious site.
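The following added example (not code from the Booster plugin or from this article) shows the difference between echoing a URL into an HTML attribute unescaped and escaping it first, in plain PHP. The function names and sample URLs are constructed for illustration; inside WordPress, the built-in esc_url() and esc_attr() functions serve this purpose.

```php
<?php
declare(strict_types=1);

// Constructed sample inputs: values as they might arrive in a request URL.
$samples = [
    '/shop/?section=general&tab=a b',          // harmless, contains a space
    '/shop/?section=x" onmouseover="alert(1)', // double quote ends the attribute
    'javascript:alert(1)',                     // dangerous URL scheme
];

// Vulnerable pattern: request data is placed in the attribute unchanged,
// so a double quote in the value can end the attribute and start a new one.
function link_unescaped(string $url): string
{
    return '<a href="' . $url . '">Settings</a>';
}

// Hardened pattern: allow only http/https or relative URLs, then encode
// HTML special characters so the value cannot break out of the attribute.
function link_escaped(string $url): string
{
    $scheme = parse_url($url, PHP_URL_SCHEME); // null = relative, false = malformed
    $allowed = ['http', 'https'];
    if ($scheme === false
        || ($scheme !== null && !in_array(strtolower($scheme), $allowed, true))) {
        $url = '#'; // replace rejected URLs with a harmless placeholder
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '">Settings</a>';
}

foreach ($samples as $s) {
    echo "input:          $s\n";
    echo "unescaped:      " . link_unescaped($s) . "\n";
    echo "escaped:        " . link_escaped($s) . "\n";
    // Percent-encoding for use as a query value: a space becomes %20
    // and a double quote becomes %22.
    echo "as query value: " . rawurlencode($s) . "\n\n";
}
```

In the escaped output the double quote appears as `&quot;`, so the browser keeps the whole value inside the href attribute instead of treating the rest as a new attribute.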
Changelog Records Vulnerabilities
The plugin's official log of software updates (called a Changelog) makes reference to a Cross-Site Request Forgery vulnerability.
The free Booster for WooCommerce plugin changelog includes the following notation for version 6.0.1:
“REPAIRED– EMAILS & MISC.– General– Fixed CSRF concern for Booster User Roles Changer.
REPAIRED– Included Security vulnerability fixes.”
Users of the plugin should consider updating to the very latest version of the plugin.
Read the advisory at the U.S. Government National Vulnerability Database
Read a summary of the vulnerability at the WPScan website
Booster for WooCommerce – Reflected Cross-Site Scripting
Featured image by SMM Panel/Asier Romero