The popular Booster for WooCommerce plugin patched a Reflected Cross-Site Scripting vulnerability affecting up to 70,000+ websites that use the plugin.
Booster for WooCommerce Vulnerability
Booster for WooCommerce is a popular all-in-one WordPress plugin that offers over 100 functions for customizing WooCommerce stores.
The modular package provides the most essential functionality needed to run an ecommerce store, such as custom payment gateways, shopping cart customization, and customized price labels and buttons.
Reflected Cross-Site Scripting (XSS)
A reflected cross-site scripting vulnerability on WordPress generally happens when an input expects something specific (like an image upload or text) but allows other inputs, including malicious scripts.
An attacker can then execute scripts in a site visitor’s browser.
If the user is an admin, there is the potential for the attacker to steal the admin credentials and take over the site.
The non-profit Open Web Application Security Project (OWASP) describes this type of vulnerability:
“Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search engine result, or any other response that includes some or all of the input sent to the server as part of the request.
Reflected attacks are provided to victims by means of another path, such as in an e-mail message, or on some other website.
… XSS can cause a range of issues for the end user that vary in seriousness from an annoyance to complete account compromise.”
As of this writing, the vulnerability has not been assigned a severity rating.
This is the official description of the vulnerability by the U.S. Federal Government National Vulnerability Database:
“The Booster for WooCommerce WordPress plugin prior to 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters prior to outputting them back in attributes, resulting in Reflected Cross-Site Scripting.”
What that means is that the vulnerability involves a failure to “escape some URLs,” which means to encode them in special characters (called ASCII).
Escaping URLs means encoding URLs in an expected format. So if a URL with a blank space is encountered, a website may encode that URL using the ASCII characters “%20” to represent the encoded blank space.
It’s this failure to properly encode URLs that allows an attacker to input something else, most likely a malicious script, although it could be something else such as a redirection to a malicious site.
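The NVD description above refers to request values written back into HTML attributes without escaping. The PHP sketch below is an added example, not code from the Booster plugin; the function names and sample inputs are constructed for illustration, and it shows the unescaped pattern beside an escaped one.

```php
<?php
// Added illustration; not code from the Booster plugin. Function names are hypothetical.

// Vulnerable pattern: request values are echoed back inside attributes unescaped.
function render_unsafe(string $returnUrl, string $tab): string {
    return '<a href="' . $returnUrl . '">Back</a>'
         . '<input type="hidden" name="tab" value="' . $tab . '">';
}

// Escape for the HTML attribute context: &, <, >, " and ' become entities.
function attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Simplified URL allow-list: absolute http(s) URLs or site-relative paths only.
// Anything else (for example a javascript: URL) is replaced with "#".
function safe_url(string $url): string {
    return preg_match('#^(?:https?://|/(?![/\\\\]))#i', $url) === 1 ? $url : '#';
}

// Hardened pattern: validate the URL, then escape every value for the attribute.
function render_safe(string $returnUrl, string $tab): string {
    return '<a href="' . attr(safe_url($returnUrl)) . '">Back</a>'
         . '<input type="hidden" name="tab" value="' . attr($tab) . '">';
}

// Constructed sample inputs, as they would arrive from the query string.
$samples = [
    ['/shop/?page=2', 'general'],               // benign
    ['/shop/?page=2', 'x" onfocus="alert(1)'],  // quote closes the attribute early
    ['javascript:alert(1)', 'general'],         // script-capable URL scheme
];

foreach ($samples as [$url, $tab]) {
    echo 'unsafe: ', render_unsafe($url, $tab), PHP_EOL;
    echo 'safe:   ', render_safe($url, $tab), PHP_EOL, PHP_EOL;
}
```

In WordPress code, the built-in helpers esc_url() and esc_attr() do these two jobs; the plain-PHP functions here stand in for them so the example runs on its own.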
Changelog Records Vulnerabilities
The plugin’s official log of software updates (called a Changelog) refers to a Cross Site Request Forgery vulnerability.
The free Booster for WooCommerce plugin changelog includes the following notation for version 6.0.1:
“FIXED – EMAILS & MISC. – General – Repaired CSRF issue for Booster User Roles Changer.
FIXED – Included Security vulnerability repairs.”
Users of the plugin should consider updating to the very latest version of the plugin.
Read the advisory at the U.S. Federal Government National Vulnerability Database
Read a summary of the vulnerability at the WPScan website
Booster for WooCommerce – Reflected Cross-Site Scripting