WordPress Plugin Vulnerabilities Report – Booster for WooCommerce – Authenticated Stored Cross-Site Scripting & Information Disclosure – CVE-2023-4945, CVE-2023-4796
Plugin Name: Booster for WooCommerce
Key Information:
- Software Type: Plugin
- Software Slug: woocommerce-jetpack
- Software Status: Active
- Software Author: pluggabl
- Software Downloads: 3,353,295
- Active Installs: 60,000
- Last Updated: September 13, 2023
- Patched Versions: 7.1.1
- Affected Versions: <=7.1.0
Vulnerability Details:
1. Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
- Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE: CVE-2023-4945
- CVSS Score: 6.4 (medium)
- Publicly Published: September 13, 2023
- Researcher: Lana Codes
- Description: The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user-supplied attributes.
2. Authenticated (Subscriber+) Information Disclosure via Shortcode
- Type: Information Exposure
- CVE: CVE-2023-4796
- CVSS Score: 4.3 (medium)
- Publicly Published: September 13, 2023
- Researcher: Lana Codes
- Description: The Booster for WooCommerce plugin for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode.
Summary:
The Booster for WooCommerce plugin for WordPress has vulnerabilities in versions up to and including 7.1.0 that expose users to Stored Cross-Site Scripting and Information Disclosure risks. These vulnerabilities have been patched in version 7.1.1.
Detailed Overview:
Two vulnerabilities have been identified by researcher Lana Codes in the Booster for WooCommerce plugin. The first vulnerability is related to Stored Cross-Site Scripting via multiple shortcodes. The risk involves insufficient input sanitization and output escaping on user-supplied attributes, making it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts.
The second vulnerability pertains to Information Disclosure via the 'wcj_wp_option' shortcode. This vulnerability allows authenticated attackers with subscriber-level capabilities or above to retrieve arbitrary sensitive site options.
Advice for Users:
- Immediate Action: Users are strongly encouraged to update to the patched version 7.1.1.
- Check for Signs of Vulnerability: Monitor your site logs for unauthorized shortcode usage or suspicious activity.
- Alternate Plugins: While a patch is available, users might still consider plugins that offer similar functionality as a precaution.
- Stay Updated: Always ensure that your plugins are updated to the latest versions to avoid vulnerabilities.
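One way to carry out the shortcode check above is to audit stored post content for Booster shortcodes. The script below is an added example, not code from the plugin or from Wordfence. It assumes rows of (post ID, author login, post_content) exported from the wp_posts table and assumes the plugin's shortcodes share the `wcj_` prefix seen in `wcj_wp_option`; every other shortcode name, attribute name and author in the sample data is constructed for illustration.

```python
import html
import re

# Opening shortcode tag with the "wcj_" prefix; group 2 is the raw attribute text.
SHORTCODE_RE = re.compile(r"\[(wcj_[a-z0-9_]+)\b([^\]]*)\]", re.IGNORECASE)
# name="value", name='value' or name=bare
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""")
# Heuristic markers of markup or script inside an attribute value.
SUSPICIOUS_RE = re.compile(r"[<>]|\bon\w+\s*=|javascript:", re.IGNORECASE)


def audit_post(post_id, author, content):
    """Return a list of findings for one post's raw post_content."""
    findings = []
    for match in SHORTCODE_RE.finditer(content):
        tag = match.group(1).lower()
        # Decode entities so that &lt;b&gt; is inspected as <b>.
        attrs = {
            a.group(1): html.unescape(a.group(2) or a.group(3) or a.group(4) or "")
            for a in ATTR_RE.finditer(match.group(2))
        }
        base = {"post": post_id, "author": author, "shortcode": tag}
        if tag == "wcj_wp_option":
            # CVE-2023-4796: any use of this shortcode deserves review.
            findings.append({**base, "reason": "option-read", "attrs": attrs})
        flagged = {k: v for k, v in attrs.items() if SUSPICIOUS_RE.search(v)}
        if flagged:
            # CVE-2023-4945: user-supplied attributes were not escaped on output.
            findings.append({**base, "reason": "markup-in-attribute", "attrs": flagged})
    return findings


def audit_posts(rows):
    """rows: iterable of (post_id, author_login, post_content) tuples."""
    return [finding for row in rows for finding in audit_post(*row)]


# Constructed sample rows; shortcode and attribute names other than
# wcj_wp_option are hypothetical.
SAMPLE_POSTS = [
    (101, "shop_manager", 'Price today: [wcj_example_price currency="EUR"]'),
    (102, "new_contributor", 'Hi [wcj_example_label title="<em onmouseover=1>x</em>"]'),
    (103, "new_subscriber", 'x [wcj_wp_option example_attr="some_option_name"]'),
    (104, "editor", "No plugin shortcodes here, only [gallery ids='1,2']"),
]

if __name__ == "__main__":
    for finding in audit_posts(SAMPLE_POSTS):
        print(finding)
```

Findings are leads for manual review rather than proof of compromise: compare each flagged post's author against the accounts expected to use Booster shortcodes.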
Conclusion:
The prompt response from the plugin developers to patch these vulnerabilities underscores the importance of timely updates. Users are advised to ensure that they are running version 7.1.1 or later to secure their WordPress installations.
Detailed Report:
Keeping your WordPress site and plugins up-to-date is critical for security, but we know it can be challenging to stay on top of everything when managing a small business. Unfortunately, outdated plugins are a common vector for hackers to exploit vulnerabilities and compromise sites. One popular eCommerce plugin, Booster for WooCommerce, was recently found to have multiple concerning security flaws that may put your site at risk if you use an older version.
Booster for WooCommerce is a performance enhancement and marketing plugin made by pluggabl with over 3 million downloads and 60,000 active installs. However, researcher Lana Codes recently disclosed two potentially serious vulnerabilities affecting versions up to and including 7.1.0.
The first vulnerability allows for stored cross-site scripting attacks if exploited by an authenticated user with contributor access or higher. This could let an attacker inject malicious scripts into your site that extract data or take over user accounts. The second vulnerability enables information disclosure of sensitive site options if exploited by a subscriber-level user or higher.
These flaws received CVSS severity scores of 6.4 and 4.3 out of 10, respectively, meaning both pose a medium risk of compromise. The vulnerabilities enable serious forms of attack if successfully exploited, potentially exposing customer data, taking over site functions, or redirecting your traffic.
To remediate these risks, you should immediately update to version 7.1.1 or higher, which fixes the vulnerabilities. Closely monitor your site for any suspicious activity and consider adding extra security plugins as a precaution.
Unfortunately, this is not the first time vulnerabilities have been found in Booster for WooCommerce - there have been 17 others since July 2018 that also required urgent updates. This underscores the importance of maintaining diligent security hygiene for your site.
As a business owner, staying on top of security can be daunting, but it is critical to protecting your livelihood. Make a plan to regularly check plugin updates, back up your site, and learn best practices to harden your WordPress security. Don't let outdated plugins put you at risk - take action today to lock down vulnerabilities.