{"id":27210,"date":"2023-01-03T11:03:21","date_gmt":"2023-01-03T11:03:21","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2023\/01\/03\/popular-plugin-for-woocommerce-patches-vulnerability\/"},"modified":"2023-01-03T11:03:21","modified_gmt":"2023-01-03T11:03:21","slug":"popular-plugin-for-woocommerce-patches-vulnerability","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2023\/01\/03\/popular-plugin-for-woocommerce-patches-vulnerability\/","title":{"rendered":"Popular Plugin for WooCommerce Patches Vulnerability"},"content":{"rendered":"

<\/a>\n
<\/p>\n

\n

The Popular WooCommerce Booster plugin patched a Reflected Cross-Site Scripting vulnerability, affecting up to 70,000+ websites using the plugin.<\/p>\n

Booster for WooCommerce Vulnerability<\/h2>\n

Booster for WooCommerce is a popular all-in-one WordPress plugin that offers over 100 functions for customizing WooCommerce stores.<\/p>\n

The modular bundle offers all of the most essential functionalities necessary to run an ecommerce store such as a custom payment gateways, shopping cart customization, and customized price labels and buttons.<\/p>\n

Reflected Cross Site Scripting (XSS)<\/h2>\n

A reflected cross-site scripting vulnerability on WordPress generally happens when an input expects something specific (like an image upload or text) but allows other inputs, including malicious scripts.<\/p>\n

An attacker can then execute scripts on a site visitor\u2019s browser.<\/p>\n

If the user is an admin then there can be a potential for the attacker stealing the admin credentials and taking over the site.<\/p>\n

The non-profit Open Web Application Security Project (OWASP) describes this kind of vulnerability<\/a>:<\/p>\n

\n

\u201cReflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.<\/p>\n

Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other website.<\/p>\n

\u2026XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise.\u201d<\/p>\n<\/blockquote>\n

As of this time the vulnerability has not been assigned a severity rating.<\/p>\n

This is the official description<\/a> of the vulnerability by the U.S. Government National Vulnerability Database:<\/strong><\/p>\n

\n

\u201cThe Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting.\u201d<\/p>\n<\/blockquote>\n

What that means is that the vulnerability involves a failure to \u201cescape some URLs,\u201d which means to encode them in special characters (called ASCII).<\/p>\n

Escaping URLs means encoding URLs in an expected format. So if a URL with a blank space is encountered a website may encoded that URL using the ASCII characters \u201c%20\u201d to represent the encoded blank space.<\/p>\n

It\u2019s this failure to properly encode URLs which allows an attacker to input something else, presumably a malicious script although it could be something else like a redirection to malicious site.<\/p>\n

Changelog Records Vulnerabilities<\/p>\n

The plugins official log of software updates (called a Changelog) makes reference to a Cross Site Request Forgery vulnerability.<\/p>\n

The free Booster for WooCommerce plugin changelog<\/a> contains the following notation for version 6.0.1:<\/p>\n

\n

\u201cFIXED \u2013 EMAILS & MISC. \u2013 General \u2013 Fixed CSRF issue for Booster User Roles Changer.<\/p>\n

FIXED \u2013 Added Security vulnerability fixes.\u201d<\/p>\n<\/blockquote>\n

Users of the plugin should consider updating to the very latest version of the plugin.<\/p>\n\n

Citations<\/h2>\n

Read the advisory at the U.S. Government National Vulnerability Database<\/h3>\n

CVE-2022-4227 Detail<\/a><\/p>\n

Read a summary of the vulnerability at the WPScan website<\/h3>\n

Booster for WooCommerce \u2013 Reflected Cross-Site Scripting<\/a><\/p>\n

Featured image by Shutterstock\/Asier Romero<\/em><\/p>\n<\/div>\n