The popular WooCommerce Booster plugin patched a Reflected Cross-Site Scripting vulnerability affecting up to 70,000+ websites using the plugin.
Booster for WooCommerce Vulnerability
Booster for WooCommerce is a popular all-in-one WordPress plugin that offers over 100 functions for customizing WooCommerce stores.
The modular package provides all of the most essential functionality necessary to run an ecommerce store, such as custom payment gateways, shopping cart customization, and customized price labels and buttons.
Reflected Cross-Site Scripting (XSS)
A reflected cross-site scripting vulnerability on WordPress generally happens when an input expects something specific (like an image upload or text) but allows other inputs, including malicious scripts.
An attacker can then execute scripts in a site visitor’s browser.
If the user is an admin, then there is potential for the attacker to steal the admin credentials and take over the site.
The non-profit Open Web Application Security Project (OWASP) describes this kind of vulnerability:
“Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.
Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other website.
… XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise.”
As of this time the vulnerability has not been assigned a severity rating.
This is the official description of the vulnerability by the U.S. Federal Government National Vulnerability Database:
“The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting.”
What that means is that the vulnerability involves a failure to “escape some URLs,” which means encoding their special characters so that they are treated as data rather than as markup.
Escaping URLs means encoding URLs in an expected format. So if a URL with a blank space is encountered, a website might encode that URL using the ASCII characters “%20” to represent the blank space.
It’s this failure to properly encode URLs that allows an attacker to input something else, presumably a malicious script, although it could be something else like a redirection to a malicious site.
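The difference between echoing a URL into an HTML attribute unescaped and escaping it first, as an added example that is not the Booster plugin's code. The function names, the `tab` parameter and the sample URL are hypothetical; WordPress itself provides `esc_url()` and `esc_attr()` for this purpose.

```php
<?php
// Added illustration: function names, the "tab" parameter and the sample
// request URL are hypothetical, not taken from the Booster plugin.

// Vulnerable pattern: the request URL is written into the attribute as-is,
// so a double quote in the input ends the attribute and the rest is markup.
function render_link_unescaped(string $url): string {
    return '<a href="' . $url . '">Reload</a>';
}

// Hardened pattern: accept only http(s) URLs, then HTML-escape the value
// for the attribute context so quotes and angle brackets become entities.
function render_link_escaped(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $url = '#'; // rejects javascript:, data: and unparsable input
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '">Reload</a>';
}

// Percent-encoding (the "%20" case) applies when a value is placed inside
// the URL itself; it is a separate step from HTML attribute escaping.
function build_tab_url(string $base, string $tab): string {
    return $base . '?tab=' . rawurlencode($tab);
}

// Constructed sample input: a parameter value that tries to close the attribute.
$value     = '"><script>alert(1)</script>';
$requested = 'https://shop.example/cart/?tab=' . $value;

// The script tag lands outside the href attribute.
echo render_link_unescaped($requested), PHP_EOL;

// The value stays inside the attribute as &quot;&gt;&lt;script&gt;...
echo render_link_escaped($requested), PHP_EOL;

// A non-http scheme is replaced with "#".
echo render_link_escaped('javascript:alert(1)'), PHP_EOL;

// A value with a space is percent-encoded as %20 when the URL is built.
echo render_link_escaped(build_tab_url('https://shop.example/cart/', 'price labels')), PHP_EOL;
```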
Changelog Records Vulnerabilities
The plugin’s official log of software updates (called a Changelog) refers to a Cross-Site Request Forgery vulnerability.
The free Booster for WooCommerce plugin changelog includes the following notation for version 6.0.1:
“FIXED – EMAILS & MISC. – General – Fixed CSRF issue for Booster User Roles Changer.
FIXED – Added Security vulnerability fixes.”
Users of the plugin should consider updating to the very latest version of the plugin.
Read the advisory at the U.S. Federal Government National Vulnerability Database
Read a summary of the vulnerability at the WPScan website
Booster for WooCommerce – Reflected Cross-Site Scripting