The popular Booster for WooCommerce plugin patched a reflected cross-site scripting vulnerability affecting approximately 70,000+ sites that use the plugin.
Booster for WooCommerce Vulnerability
Booster for WooCommerce is a popular all-in-one WordPress plugin that offers over 100 functions for customizing WooCommerce stores.
The modular bundle provides the functionality most needed to run an ecommerce store, such as custom payment gateways, shopping cart customization, and customized price labels and buttons.
Reflected Cross Site Scripting (XSS)
A reflected cross-site scripting vulnerability on WordPress usually occurs when an input expects something specific (like an image upload or text) but allows other inputs, including malicious scripts.
An attacker can then execute scripts in a site visitor’s web browser.
If the user is an admin, the attacker could potentially steal the admin credentials and take control of the site.
The non-profit Open Web Application Security Project (OWASP) describes this type of vulnerability:
“Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that consists of some or all of the input sent out to the server as part of the request.
Reflected attacks are provided to victims through another path, such as in an e-mail message, or on some other site.
… XSS can cause a variety of problems for the end user that range in intensity from an inconvenience to complete account compromise.”
As of this writing, the vulnerability has not been assigned a severity score.
This is the official description of the vulnerability by the U.S. Government National Vulnerability Database:
“The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin prior to 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters prior to outputting them back in attributes, causing Reflected Cross-Site Scripting.”
What that means is that the vulnerability involves a failure to “escape some URLs,” which means to encode them in special characters (called ASCII).
Escaping URLs means encoding URLs in an expected format. So if a URL with a blank space is encountered, a website might encode that URL using the ASCII characters “%20” to represent the encoded blank space.
It’s this failure to properly encode URLs that allows an attacker to input something else, presumably a malicious script, although it could be something else, like a redirect to a malicious website.
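The NVD description above concerns URLs and parameters written back into HTML attributes without escaping. The following PHP is an added example, not the plugin's code: the function names and request values are constructed for illustration, and it contrasts unescaped attribute output with an escaped version.

```php
<?php
// Added example with constructed input; function names are hypothetical.

// Unsafe: request-derived values are concatenated straight into attributes.
function render_unsafe(string $url, string $tab): string {
    return '<a href="' . $url . '" data-tab="' . $tab . '">Settings</a>';
}

// Escape a value for an HTML attribute context, quotes included.
// WordPress provides esc_attr() for this purpose.
function attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only http(s) URLs or same-site paths, then attribute-escape.
// WordPress provides esc_url() for this purpose; the allowlist below is
// a narrower stand-in chosen for this example.
function safe_url(string $url): string {
    if (preg_match('#^(?:https?://|/(?![/\\\\]))#i', $url) !== 1) {
        return '#';
    }
    return attr($url);
}

function render_safe(string $url, string $tab): string {
    return '<a href="' . safe_url($url) . '" data-tab="' . attr($tab) . '">Settings</a>';
}

// Constructed request values, not taken from the advisory.
$url = '/wp-admin/admin.php?page=demo';
$tab = 'general" data-injected="1';

// The quote in $tab closes data-tab and adds a second attribute.
echo render_unsafe($url, $tab), PHP_EOL;

// The quote is emitted as &quot;, so the value stays inside data-tab.
echo render_safe($url, $tab), PHP_EOL;

// A non-http(s) scheme in the URL is replaced before it reaches href.
echo render_safe('javascript:void(0)', 'general'), PHP_EOL;
```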
Changelog Records Vulnerabilities
The plugin’s official log of software updates (called a changelog) refers to a Cross-Site Request Forgery vulnerability.
The free Booster for WooCommerce plugin changelog contains the following notation for version 6.0.1:
“REPAIRED – EMAILS & MISC. – General – Repaired CSRF issue for Booster User Roles Changer.
FIXED – Added Security vulnerability fixes.”
Users of the plugin should consider updating to the very latest version of the plugin.
Read the advisory at the U.S. Government National Vulnerability Database
Read a summary of the vulnerability at the WPScan website
Booster for WooCommerce – Reflected Cross-Site Scripting