The popular WooCommerce Booster plugin patched a Reflected Cross-Site Scripting vulnerability affecting as many as 70,000+ websites using the plugin.
Booster for WooCommerce Vulnerability
Booster for WooCommerce is a popular all-in-one WordPress plugin that provides over 100 functions for customizing WooCommerce stores.
The modular package offers all of the most essential functionality needed to run an ecommerce store, such as custom payment gateways, shopping cart customization, and customized price labels and buttons.
Reflected Cross-Site Scripting (XSS)
A reflected cross-site scripting vulnerability on WordPress generally occurs when an input expects something specific (like an image upload or text) but allows other inputs, including malicious scripts.
An attacker can then execute scripts in a site visitor’s browser.
If the user is an admin, there is potential for the attacker to steal the admin credentials and take over the site.
The non-profit Open Web Application Security Project (OWASP) describes this kind of vulnerability:
“Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search engine result, or any other response that includes some or all of the input sent to the server as part of the request.
Reflected attacks are delivered to victims through another path, such as in an e-mail message, or on some other website.
… XSS can cause a range of issues for the end user that vary in severity from an inconvenience to complete account compromise.”
As of this time the vulnerability has not been assigned a severity rating.
This is the main description of the vulnerability by the U.S. Government National Vulnerability Database:
“The Booster for WooCommerce WordPress plugin prior to 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin prior to 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, resulting in Reflected Cross-Site Scripting.”
What that means is that the vulnerability involves a failure to “escape some URLs,” which means to encode them in special characters (called ASCII).
Escaping URLs means encoding URLs in an expected format. So if a URL with a blank space is encountered, a website might encode that URL using the ASCII characters “%20” to represent the encoded blank space.
It’s this failure to properly encode URLs that allows an attacker to input something else, most likely a malicious script, although it could be something else, like a redirect to a malicious site.
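The unescaped-attribute pattern the advisory describes, next to its escaped form, as an added example that is not the plugin's code. The parameter name `section`, its value and the function names are constructed for illustration, and plain PHP's `htmlspecialchars()` stands in for the WordPress helper `esc_attr()`.

```php
<?php
declare(strict_types=1);

// Constructed request parameter (not from the advisory): the double quote ends
// the attribute early, so the rest is parsed as a new attribute.
$section = 'emails" onmouseover="alert(1)';

// Pattern the advisory describes: input placed in an attribute without escaping.
function render_unescaped(string $value): string
{
    return '<input type="hidden" name="section" value="' . $value . '">';
}

// Escaped for the HTML-attribute context. In WordPress code, esc_attr() is the
// helper for attribute values and esc_url() the one for href/src URLs.
function render_escaped(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="section" value="' . $safe . '">';
}

// Parse the markup with an HTML parser and list the attributes it finds on
// the <input> element, which is what decides whether the input became markup.
function parsed_attributes(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    $attrs = [];
    foreach ($input->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

$outputs = [
    'unescaped' => render_unescaped($section),
    'escaped'   => render_escaped($section),
];
foreach ($outputs as $label => $html) {
    $attrs = parsed_attributes($html);
    printf("%-9s %s\n", $label, $html);
    printf("          attributes seen: %s\n", implode(', ', array_keys($attrs)));
    printf("          injected handler present: %s\n",
        isset($attrs['onmouseover']) ? 'yes' : 'no');
}
```

In the escaped output the whole parameter stays inside `value` as data, which is the property to check for when reviewing any place a plugin writes request input into an attribute.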
Changelog Records Vulnerabilities
The plugin’s official log of software updates (called a changelog) makes reference to a Cross-Site Request Forgery vulnerability.
The free Booster for WooCommerce plugin changelog includes the following notation for version 6.0.1:
“REPAIRED – EMAILS & MISC. – General – Repaired CSRF issue for Booster User Roles Changer.
REPAIRED – Included Security vulnerability fixes.”
Users of the plugin should consider updating to the very latest version of the plugin.
Read the advisory at the U.S. Federal Government National Vulnerability Database
Read a summary of the vulnerability at the WPScan site
Booster for WooCommerce – Reflected Cross-Site Scripting