The popular WooCommerce Booster plugin patched a Reflected Cross-Site Scripting vulnerability, affecting as many as 70,000+ websites using the plugin.
Booster for WooCommerce Vulnerability
Booster for WooCommerce is a popular all-in-one WordPress plugin that offers over 100 functions for customizing WooCommerce stores.
The modular bundle offers all of the most essential functionality needed to run an ecommerce store, such as custom payment gateways, shopping cart customization, and customized price labels and buttons.
Reflected Cross Site Scripting (XSS)
A reflected cross-site scripting vulnerability on WordPress generally occurs when an input expects something specific (like an image upload or text) but allows other inputs, including malicious scripts.
An attacker can then execute scripts in a site visitor’s browser.
If the user is an admin, there is potential for the attacker to steal the admin credentials and take over the site.
The non-profit Open Web Application Security Project (OWASP) explains this kind of vulnerability:
“Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other action that includes some or all of the input sent to the server as part of the request.
Reflected attacks are delivered to victims via another path, such as in an e-mail message, or on some other site.
… XSS can trigger a range of issues for the end user that range in severity from an inconvenience to complete account compromise.”
As of this time the vulnerability has not been assigned a severity score.
This is the official description of the vulnerability by the U.S. Federal Government National Vulnerability Database:
“The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting.”
What that means is that the vulnerability involves a failure to “escape some URLs,” which means to encode them using special character sequences (called ASCII).
Escaping URLs means encoding URLs in an expected format. So if a URL with a blank space is encountered, a website may encode that URL using the ASCII characters “%20” to represent the blank space.
It’s this failure to properly encode URLs that allows an attacker to input something else, presumably a malicious script, although it could be something else like a redirect to a malicious site.
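The advisory's wording ("do not escape some URLs and parameters before outputting them back in attributes") can be illustrated with the following added example, which is not the plugin's code. The function names and the request value are constructed for illustration, and plain PHP functions stand in for the WordPress helpers esc_url() and esc_attr().

```php
<?php
// Added illustration; not code from Booster for WooCommerce.
// All function names here are hypothetical.

// Constructed request value reflected into an href attribute.
// The double quote ends the attribute early and starts a second one.
$constructed_input = 'https://shop.example/cart?step=2" data-injected="1';

// Before: the value is concatenated into the attribute unescaped.
function render_link_unescaped(string $url): string {
    return '<a href="' . $url . '">Back to cart</a>';
}

// After: allow only http(s) URLs, then escape for the attribute context.
// In a WordPress plugin, esc_url() and esc_attr() serve this purpose.
function render_link_escaped(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $url = '#'; // also drops relative URLs; widen the allowlist if needed
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '">Back to cart</a>';
}

// Count the attributes an HTML parser sees on the first <a> element.
function count_attributes(string $html): int {
    $doc = new DOMDocument();
    @$doc->loadHTML($html, LIBXML_NOERROR);
    $a = $doc->getElementsByTagName('a')->item(0);
    return $a === null ? 0 : $a->attributes->length;
}

$before = render_link_unescaped($constructed_input);
$after  = render_link_escaped($constructed_input);

// The unescaped output gains an attribute the developer never wrote;
// the escaped output keeps the whole value inside href.
printf("unescaped: %s\n  attributes parsed: %d\n", $before, count_attributes($before));
printf("escaped:   %s\n  attributes parsed: %d\n", $after, count_attributes($after));
```

The attribute count is a convenient regression check: any reflected value that changes the number of attributes on the rendered element has escaped its intended context.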
Changelog Records Vulnerabilities
The plugin’s official log of software updates (called a changelog) refers to a Cross Site Request Forgery vulnerability.
The free Booster for WooCommerce plugin changelog contains the following notation for version 6.0.1:
“REPAIRED – EMAILS & MISC. – General – Fixed CSRF issue for Booster User Roles Changer.
REPAIRED – Included Security vulnerability repairs.”
Users of the plugin should consider updating to the very latest version of the plugin.
Read the advisory at the U.S. Federal Government National Vulnerability Database
Read a summary of the vulnerability at the WPScan website
Booster for WooCommerce – Reflected Cross-Site Scripting