
New Vulnerabilities Discovered in 5 WooCommerce WordPress Plugins


The U.S. government's National Vulnerability Database (NVD) has recently warned of vulnerabilities in five WooCommerce WordPress plugins, affecting over 135,000 installations in total.

Many of the vulnerabilities are rated 9.8 on the 1-10 scale, and they range in severity from moderate to as high as Critical.

Each vulnerability was assigned a CVE (Common Vulnerabilities and Exposures) identifier.

1. Advanced Order Export for WooCommerce:

The Advanced Order Export for WooCommerce plugin, installed on as many as 100,000 websites, is vulnerable to a Cross-Site Request Forgery (CSRF) attack.

A CSRF vulnerability arises from a flaw in a website plugin that lets a threat actor trick a logged-in user into performing an action they did not intend.

Generally, a browser stores cookies that tell a website the user is registered and logged in, and it sends those cookies with every request to that site, including requests the user did not knowingly trigger. If the deceived user is an admin, the threat actor's forged request runs with the admin's privilege level, which amounts to full access to the website and can expose the admin's sensitive customer information.

In this plugin the vulnerability can lead to an export file download. Since the plugin's purpose is to export WooCommerce order data, it is reasonable to assume that order data is the kind of file an attacker could obtain.

Official Vulnerability Description:

The official vulnerability description states: “Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download.”

This vulnerability affects all versions of the Advanced Order Export for WooCommerce plugin up to and including version 3.3.2.

2. Advanced Dynamic Pricing for WooCommerce: 

The second affected plugin, Advanced Dynamic Pricing for WooCommerce, is installed on over 20,000 websites. It was found to have two CSRF vulnerabilities, affecting all plugin versions lower than 4.1.6.

The plugin's purpose is to make it simpler for retailers to create discount and pricing rules.

The first vulnerability (CVE-2022-43488) can result in a “rule type migration.”

The official NVD description reads: “Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration.”

3. Advanced Coupons for WooCommerce Coupons plugin: 

The third affected plugin, Advanced Coupons for WooCommerce Coupons, has over 10,000 installs. The issue found in this plugin is also a CSRF vulnerability, affecting all versions lower than version 4.5.01.

The official NVD description reads: “Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.”

4. WooCommerce Dropshipping by OPMC – Critical: 

The next affected plugin, WooCommerce Dropshipping by OPMC, has around 3,000 installations.

A Critical unauthenticated SQL injection vulnerability, scored 9.8 (on a scale of 1-10), affects versions of this plugin lower than version 4.4. A SQL injection vulnerability lets an attacker manipulate the WordPress database and assume admin-level permissions, and consequently modify, erase, or even download sensitive data.

The NVD description of this plugin's vulnerability says: “The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection.”
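To make the NVD wording concrete, here is an added illustration (not the OPMC plugin's own code) of a REST route that shows the weak pattern described above beside a hardened version; the namespace, table name and parameter are assumed:

```php
<?php
// Added illustration, not code from the WooCommerce Dropshipping plugin.
// Route namespace, table name and the 'status' parameter are assumed.
add_action( 'rest_api_init', function () {
    // WEAK: '__return_true' makes the route reachable without logging in,
    // and the request parameter is concatenated straight into the SQL text.
    register_rest_route( 'example-dropship/v1', '/orders', array(
        'methods'             => 'GET',
        'permission_callback' => '__return_true',
        'callback'            => function ( WP_REST_Request $req ) {
            global $wpdb;
            $status = $req->get_param( 'status' );
            $sql = "SELECT id, total FROM {$wpdb->prefix}example_orders WHERE status = '$status'";
            return rest_ensure_response( $wpdb->get_results( $sql ) );
        },
    ) );

    // HARDENED: require a capability, constrain the input to known values,
    // and bind it with $wpdb->prepare() so it can never alter the statement.
    register_rest_route( 'example-dropship/v1', '/orders-safe', array(
        'methods'             => 'GET',
        'permission_callback' => function () {
            return current_user_can( 'manage_woocommerce' );
        },
        'args'                => array(
            'status' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_key',
                'validate_callback' => function ( $value ) {
                    return in_array( $value, array( 'pending', 'processing', 'completed' ), true );
                },
            ),
        ),
        'callback'            => function ( WP_REST_Request $req ) {
            global $wpdb;
            $sql = $wpdb->prepare(
                "SELECT id, total FROM {$wpdb->prefix}example_orders WHERE status = %s",
                $req->get_param( 'status' )
            );
            return rest_ensure_response( $wpdb->get_results( $sql ) );
        },
    ) );
} );
```

The permission callback addresses the "available to unauthenticated users" half of the description, and prepare() addresses the "does not properly sanitise and escape" half; both are needed.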

5. Role-Based Pricing for WooCommerce: 

This plugin, with over 2,000 installations, has two CSRF vulnerabilities.

As noted for another plugin above, a CSRF vulnerability involves a threat actor tricking the admin or another user into clicking a link or performing some other action on the attacker's behalf. This can result in the actor acting with that user's permission level on the website. This vulnerability is rated as high as 8.8.

The NVD description of the first vulnerability warns “The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorization and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP” 

Following this, the official NVD description of the second vulnerability says, “The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorization and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog” 

Moreover, the official Role Based Pricing for WooCommerce WordPress plugin changelog states that the plugin was fully patched in version 1.6.2:

“Changelog 2022-10-01 – version 1.6.2 

* Fixed the Arbitrary File Upload Vulnerability. 

* Fixed the issue of ajax nonce check.” 
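The "ajax nonce check" in this changelog, and the missing CSRF check behind the export file download described for the first plugin, are the same class of defect. The following added illustration (not code from either plugin) shows an admin-ajax export handler without and with that check; the action names, capability and CSV helper are assumed:

```php
<?php
// Added illustration, not code from the Advanced Order Export or the
// Role Based Pricing plugin. Action names and the CSV helper are assumed.

function example_build_orders_csv() {
    // Constructed sample rows standing in for real WooCommerce order data.
    return "id,total\n1001,49.90\n1002,120.00\n";
}

// WEAK: any request carrying the admin's session cookies triggers the
// export, so a request forged from another site does too.
add_action( 'wp_ajax_example_export_orders', function () {
    header( 'Content-Type: text/csv' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    echo example_build_orders_csv();
    wp_die();
} );

// HARDENED, part 1: the admin page that offers the export embeds a nonce
// in the link (wp_nonce_url appends it as the _wpnonce query argument).
function example_export_button() {
    $url = wp_nonce_url(
        admin_url( 'admin-ajax.php?action=example_export_orders_safe' ),
        'example_export_orders' // nonce action name
    );
    echo '<a class="button" href="' . esc_url( $url ) . '">Export orders</a>';
}

// HARDENED, part 2: the handler rejects requests without a valid nonce
// (a forged cross-site request cannot know it) and without the capability.
add_action( 'wp_ajax_example_export_orders_safe', function () {
    check_ajax_referer( 'example_export_orders', '_wpnonce' ); // dies on failure
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    header( 'Content-Type: text/csv' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    echo example_build_orders_csv();
    wp_die();
} );
```

The nonce check alone is not an authorization check: the capability test is what stops a low-privileged but legitimately logged-in user, which is the "authorization" part of the NVD descriptions quoted above.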

Plan of Action

To avoid these consequences, users should update all the vulnerable plugins. It is also best practice to back up the website before applying the plugin updates and, if at all feasible, to test the updated plugin before rolling it out.