The popular WooCommerce Booster plugin patched a Reflected Cross-Site Scripting vulnerability, affecting up to 70,000+ sites using the plugin.
Booster for WooCommerce Vulnerability
Booster for WooCommerce is a popular all-in-one WordPress plugin that offers over 100 functions for customizing WooCommerce stores.
The modular package offers all of the most essential functionalities needed to run an ecommerce store, such as custom payment gateways, shopping cart customization, and customized price labels and buttons.
Reflected Cross Site Scripting (XSS)
A reflected cross-site scripting vulnerability on WordPress generally happens when an input expects something specific (like an image upload or text) but allows other inputs, including malicious scripts.
An attacker can then execute scripts in a site visitor's browser.
If the user is an admin, there is potential for the attacker to steal the admin credentials and take over the site.
The non-profit Open Web Application Security Project (OWASP) describes this kind of vulnerability:
“Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.
Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other website.
… XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise.”
As of this time the vulnerability has not been assigned a severity rating.
This is the official description of the vulnerability by the U.S. Government National Vulnerability Database:
“The Booster for WooCommerce WordPress plugin prior to 5.6.3, Booster Plus for WooCommerce WordPress plugin prior to 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, resulting in Reflected Cross-Site Scripting.”
What that means is that the vulnerability involves a failure to “escape some URLs,” which means to encode them in special characters (called ASCII).
Escaping URLs means encoding URLs in an expected format. So if a URL with a blank space is encountered, a website may encode that URL using the ASCII characters “%20” to represent the encoded blank space.
It’s this failure to properly encode URLs that allows an attacker to input something else, presumably a malicious script, although it could be something else like a redirection to a malicious site.
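As an added illustration (not code from the plugin or from the original article), the PHP below contrasts echoing a request value into HTML attributes as received with percent-encoding it for the URL and escaping it for the attribute. The `tab` parameter, the markup and both function names are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration, not Booster for WooCommerce code. Plain PHP, no WordPress needed.
// The $tab parameter and the markup are hypothetical.

// BEFORE: the request value is echoed back into attributes exactly as received.
function render_unsafe(string $tab): string {
    return '<a href="/settings?tab=' . $tab . '" title="' . $tab . '">Open</a>';
}

// AFTER: encode for each context the value lands in.
function render_safe(string $tab): string {
    // URL context: percent-encode the value as a query component (space -> %20).
    $href = '/settings?tab=' . rawurlencode($tab);
    // HTML attribute context: escape quotes and angle brackets so the value
    // cannot close the attribute or open a new tag.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<a href="' . htmlspecialchars($href, $flags, 'UTF-8')
         . '" title="' . htmlspecialchars($tab, $flags, 'UTF-8') . '">Open</a>';
}

// Constructed sample inputs: a benign value with a space, and a value that
// tries to break out of the attribute.
$samples = ['price labels', '"><script>alert(1)</script>'];

foreach ($samples as $tab) {
    echo "input : $tab\n";
    echo "unsafe: " . render_unsafe($tab) . "\n";
    echo "safe  : " . render_safe($tab) . "\n\n";
}
```

Run it with the PHP command-line interpreter to compare the two outputs. In WordPress code the corresponding helpers are `esc_url()` and `esc_attr()`.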
Changelog Records Vulnerabilities
The plugin’s official log of software updates (called a Changelog) makes reference to a Cross Site Request Forgery vulnerability.
The free Booster for WooCommerce plugin changelog contains the following notation for version 6.0.1:
“FIXED – EMAILS & MISC. – General – Fixed CSRF issue for Booster User Roles Changer.
FIXED – Added Security vulnerability fixes.”
Users of the plugin should consider updating to the very latest version of the plugin.
Read the advisory at the U.S. Government National Vulnerability Database
Read a summary of the vulnerability at the WPScan website
Booster for WooCommerce – Reflected Cross-Site Scripting