The popular Booster for WooCommerce plugin patched a Reflected Cross-Site Scripting vulnerability, affecting approximately 70,000+ websites using the plugin.
Booster for WooCommerce Vulnerability
Booster for WooCommerce is a popular all-in-one WordPress plugin that offers over 100 functions for personalizing WooCommerce stores.
The modular bundle offers the functionality most essential to running an ecommerce store, such as custom payment gateways, shopping cart customization, and customized price labels and buttons.
Reflected Cross-Site Scripting (XSS)
A reflected cross-site scripting vulnerability on WordPress usually occurs when an input expects something specific (like an image upload or text) but allows other inputs, including malicious scripts.
An attacker can then execute scripts in a site visitor's browser.
If the user is an admin, the attacker could potentially steal the admin credentials and take control of the site.
The non-profit Open Web Application Security Project (OWASP) describes this kind of vulnerability:
“Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search results page, or any other response that includes some or all of the input sent to the server as part of the request.
Reflected attacks are delivered to victims by means of another route, such as in an e-mail message, or on some other site.
… XSS can cause a variety of issues for the end user that range in seriousness from an inconvenience to complete account compromise.”
As of this time the vulnerability has not been assigned a severity rating.
This is the official description of the vulnerability by the U.S. Federal Government National Vulnerability Database:
“The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, resulting in Reflected Cross-Site Scripting.”
What that means is that the vulnerability involves a failure to “escape some URLs,” which means encoding their special characters using a safe ASCII representation.
Escaping URLs means encoding URLs in an expected format. So if a URL with a blank space is encountered, a website might encode that URL using the ASCII characters “%20” to represent the blank space.
It's this failure to properly encode URLs that allows an attacker to input something else, presumably a malicious script, although it could be something else such as a redirect to a malicious site.
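The difference between echoing a request value into an attribute as-is and escaping it first is shown in the following added example. It is not code from the Booster plugin: the function names and sample inputs are constructed for illustration, and the PHP built-ins stand in for WordPress's own esc_url() and esc_attr() helpers.

```php
<?php
// Added illustration; not code from the Booster plugin. Function names are hypothetical.

// Unescaped pattern: a request value is placed into an attribute unchanged,
// so a double quote in the value ends the attribute early.
function render_link_unescaped(string $url): string {
    return '<a href="' . $url . '">Back</a>';
}

// Escaped pattern: allow only web schemes (or relative URLs), then encode the
// value for the HTML attribute context. WordPress's esc_url() covers more edge
// cases than this simplified check.
function render_link_escaped(string $url): string {
    $url    = trim($url);
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== '' && !in_array($scheme, ['http', 'https'], true)) {
        $url = '#'; // reject javascript:, data: and other non-web schemes
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '">Back</a>';
}

// Percent-encoding (the "%20" case in the text) applies to URL components and
// is a separate step from attribute escaping.
function build_shop_url(string $ref): string {
    return '/shop/?ref=' . rawurlencode($ref);
}

// Constructed sample inputs, as they might arrive in a query string.
$samples = [
    build_shop_url('summer sale'),         // space becomes %20
    '/shop/?ref=x" onmouseover="alert(1)', // quote tries to close the attribute
    'javascript:alert(1)',                 // non-web scheme
];

foreach ($samples as $value) {
    echo "input:     {$value}\n";
    echo "unescaped: " . render_link_unescaped($value) . "\n";
    echo "escaped:   " . render_link_escaped($value) . "\n\n";
}
```

In the escaped output the double quote is rendered as `&quot;`, so the value stays inside the href attribute, and the non-web scheme is replaced with `#`.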
Changelog Records Vulnerabilities
The plugin's official log of software updates (called a Changelog) makes reference to a Cross-Site Request Forgery vulnerability.
The free Booster for WooCommerce plugin changelog includes the following notation for version 6.0.1:
“FIXED – EMAILS & MISC. – General – Fixed CSRF problem for Booster User Roles Changer.
FIXED – Added Security vulnerability fixes.”
Users of the plugin should consider updating to the latest version of the plugin.
Check out the advisory at the U.S. Government National Vulnerability Database
Read a summary of the vulnerability at the WPScan site
Booster for WooCommerce – Reflected Cross-Site Scripting