The popular Booster for WooCommerce plugin patched a Reflected Cross-Site Scripting vulnerability, impacting approximately 70,000+ websites using the plugin.
Booster for WooCommerce Vulnerability
Booster for WooCommerce is a popular all-in-one WordPress plugin that provides over 100 functions for customizing WooCommerce stores.
The modular package provides all of the most essential functionality needed to run an ecommerce store, such as custom payment gateways, shopping cart customization, and customized price labels and buttons.
Reflected Cross-Site Scripting (XSS)
A reflected cross-site scripting vulnerability on WordPress usually occurs when an input expects something specific (like an image upload or text) but allows other inputs, including malicious scripts.
An attacker can then execute scripts in a site visitor’s browser.
If the user is an admin, there is potential for the attacker to steal the admin credentials and take over the site.
The non-profit Open Web Application Security Project (OWASP) explains this type of vulnerability:
“Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search results page, or any other response that includes some or all of the input sent to the server as part of the request.
Reflected attacks are provided to victims through another route, such as in an e-mail message, or on some other site.
… XSS can trigger a variety of problems for the end user that vary in intensity from an annoyance to complete account compromise.”
As of this time, the vulnerability has not been assigned a severity score.
This is the official description of the vulnerability by the U.S. Federal Government National Vulnerability Database:
“The Booster for WooCommerce WordPress plugin prior to 5.6.3, Booster Plus for WooCommerce WordPress plugin prior to 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters prior to outputting them back in attributes, causing Reflected Cross-Site Scripting.”
What that means is that the vulnerability involves a failure to “escape some URLs,” which means to encode them in special characters (called ASCII).
Escaping URLs means encoding URLs in an expected format. So if a URL with a blank space is encountered, a website may encode that URL using the ASCII characters “%20” to represent the encoded blank space.
It’s this failure to properly encode URLs that allows an attacker to input something else, most likely a malicious script, although it could be something else such as a redirection to a malicious site.
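The following PHP example is added here as an illustration and is not code from the plugin or from the advisory. It shows a request value written into an HTML attribute without escaping, next to an escaped version, and shows that a URL placed in an attribute needs a scheme check in addition to HTML escaping, which is a separate layer from percent-encoding such as “%20”. The helper names, the `q` field and the sample inputs are constructed for the example.

```php
<?php
// Added illustration: helper names are hypothetical, not from Booster for WooCommerce.
// In WordPress code, esc_attr() and esc_url() are the core functions for these two jobs.

// Vulnerable pattern: a request parameter echoed into an attribute unchanged.
function field_unescaped(string $value): string
{
    return '<input type="text" name="q" value="' . $value . '">';
}

// Fixed: HTML-escape for a quoted attribute so quotes and angle brackets stay data.
function field_escaped(string $value): string
{
    return '<input type="text" name="q" value="'
        . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// URLs need a scheme check as well: HTML escaping alone leaves "javascript:" intact.
function link_escaped(string $url): string
{
    // Reject control characters and spaces, which browsers strip or tolerate in schemes.
    $clean = preg_match('/[\x00-\x20\x7f]/', $url) === 0;
    // Allow only http(s) URLs or site-relative paths (not "//host" or "/\host").
    $allowed = preg_match('#^(https?://|/(?![/\\\\]))#i', $url) === 1;
    $href = ($clean && $allowed) ? $url : '#';
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">Back</a>';
}

// Constructed sample inputs (not taken from any real request).
$param = '" onmouseover="alert(1)';
$urls  = [
    'https://shop.example/cart?coupon=a%20b&page=2', // kept; "&" becomes "&amp;", "%20" untouched
    '/my-account/?tab=orders',                       // kept as a site-relative path
    'javascript:alert(1)',                           // replaced with "#"
    "java\tscript:alert(1)",                         // replaced with "#" (embedded tab)
];

echo field_unescaped($param), "\n"; // the quote closes value="" and adds a new attribute
echo field_escaped($param), "\n";   // the quote is emitted as &quot; and stays inside value=""
foreach ($urls as $u) {
    echo link_escaped($u), "\n";
}
```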
Changelog Records Vulnerabilities
The plugin’s main log of software updates (called a Changelog) refers to a Cross-Site Request Forgery vulnerability.
The free Booster for WooCommerce plugin changelog contains the following notation for version 6.0.1:
“REPAIRED – EMAILS & MISC. – General – Fixed CSRF problem for Booster User Roles Changer.
FIXED – Added Security vulnerability fixes.”
Users of the plugin should consider updating to the very latest version of the plugin.
Read the advisory at the U.S. Federal Government National Vulnerability Database
Read a summary of the vulnerability at the WPScan site
Booster for WooCommerce– Reflected Cross-Site Scripting