The popular Booster for WooCommerce plugin patched a Reflected Cross-Site Scripting vulnerability, affecting up to 70,000+ sites using the plugin.
Booster for WooCommerce Vulnerability
Booster for WooCommerce is a popular all-in-one WordPress plugin that provides over 100 functions for personalizing WooCommerce stores.
The modular package offers all of the most essential functionalities necessary to run an ecommerce store, such as custom payment gateways, shopping cart customization, and customized price labels and buttons.
Reflected Cross Site Scripting (XSS)
A reflected cross-site scripting vulnerability on WordPress generally happens when an input expects something specific (like an image upload or text) but allows other inputs, including malicious scripts.
An attacker can then execute scripts in a site visitor's browser.
If the user is an admin, the attacker could potentially steal the admin credentials and take over the site.
The non-profit Open Web Application Security Project (OWASP) describes this type of vulnerability:
“Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.
Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other website.
… XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise.”
As of this time the vulnerability has not been assigned a severity rating.
This is the official description of the vulnerability by the U.S. Federal Government National Vulnerability Database:
“The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters prior to outputting them back in attributes, causing Reflected Cross-Site Scripting.”
What that means is that the vulnerability involves a failure to “escape some URLs,” which means to encode them in special characters (called ASCII).
Escaping URLs means encoding URLs in an expected format. So if a URL with a blank space is encountered, a website might encode that URL using the ASCII characters “%20” to represent the encoded blank space.
It’s this failure to properly encode URLs which allows an attacker to input something else, most likely a malicious script, although it could be something else like a redirection to a malicious website.
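The NVD description concerns values printed back into HTML attributes, which need escaping for that context on top of the percent-encoding described above. The following PHP is an added example, not code from the plugin or from the original article; the function names, paths and sample inputs are constructed, and it uses plain PHP functions where WordPress code would normally call esc_attr() and esc_url().

```php
<?php
// Added example: function names, paths and sample inputs are constructed.

// Vulnerable pattern: a request value is concatenated into an attribute as-is.
function link_unescaped(string $section): string
{
    return '<a href="/settings?section=' . $section . '">Reload</a>';
}

// Escape for the HTML attribute context (WordPress code would use esc_attr()).
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: percent-encode the value inside the URL, then escape the URL
// for the attribute it is printed into.
function link_escaped(string $section): string
{
    return '<a href="' . attr('/settings?section=' . rawurlencode($section)) . '">Reload</a>';
}

// When the whole URL comes from the request, restrict what it may be as well:
// only http(s) or a site-relative path, no control characters or backslashes.
function link_from_request(string $url): string
{
    $clean = preg_match('/[\x00-\x20\x7f\\\\]/', $url) === 0;
    $allowed = preg_match('#^(https?://|/(?!/))#i', $url) === 1;
    if (!$clean || !$allowed) {
        $url = '/'; // fall back to the site root
    }
    return '<a href="' . attr($url) . '">Back</a>';
}

// Constructed sample inputs: two ordinary values and one markup-breaking probe.
$sections = ['general', 'emails & misc', '"><script>alert(1)</script>'];
foreach ($sections as $s) {
    echo link_unescaped($s), "\n", link_escaped($s), "\n\n";
}

// Constructed sample URLs: two acceptable, two that fall back to the site root.
$urls = ['https://shop.example/cart?a=1&b=2', '/my-account', 'javascript:alert(1)', '//other.example/'];
foreach ($urls as $u) {
    echo link_from_request($u), "\n";
}
```

For the third section value, the unescaped link lets the input close the href attribute and start new markup, while the escaped link keeps it inside the attribute as percent-encoded data. The space in the second value comes out as %20, as the paragraph above describes.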
Changelog Records Vulnerabilities
The plugin's official log of software updates (called a changelog) refers to a Cross-Site Request Forgery vulnerability.
The free Booster for WooCommerce plugin changelog contains the following notation for version 6.0.1:
“FIXED – EMAILS & MISC. – General – Fixed CSRF issue for Booster User Roles Changer.
FIXED – Added Security vulnerability fixes.”
Users of the plugin should consider updating to the very latest version of the plugin.
Read the advisory at the U.S. Government National Vulnerability Database
Read a summary of the vulnerability at the WPScan site
Booster for WooCommerce – Reflected Cross-Site Scripting