Thursday, April 25, 2024

Malicious Code-Injection Enabled By WooCommerce’s Pricing Plugin

Two security flaws in Envato’s WooCommerce Dynamic Pricing and Discounts plugin could allow unauthenticated attackers to inject arbitrary malicious scripts into vulnerable websites. This can lead to a number of attacks, such as redirecting the site to phishing pages, injecting malicious code into product pages, and so on.

The plugin, which has over 19,700 purchases on Envato Market, provides a number of pricing and marketing tools for e-commerce websites, such as bulk pricing, tiered pricing, special offers, deals of the day, bundled pricing, flash sales, wholesale pricing, member pricing, individual pricing, behavioral pricing, loyalty programs, location-based pricing, and so on. It also supports conditional price increases and other surcharges.

According to researchers at Ninja Technologies Network (NinTechNet), the two unauthenticated flaws affect versions 2.4.1 and lower. The first is a high-severity stored cross-site scripting (XSS) vulnerability; the second is a medium-severity configuration export issue.

According to a Tuesday post by NinTechNet, the XSS flaw resides in the __construct method of the “wc-dynamic-pricing-and-discounts/classes/rp-wcdpd-settings.class.php” script.

“It lacks a capability check and a security nonce and thus is accessible to everyone, authenticated or not,” researchers explained. “An unauthenticated user can import the plugin’s settings. Because some fields aren’t sanitized, the attacker can inject JavaScript code into the imported JSON-encoded file.”

They said that if the injection succeeds, the code is executed on every product page of the WooCommerce shop. Furthermore, attackers may replace the JavaScript with arbitrary HTML elements, including a meta refresh tag, to redirect users and customers to a fraudulent website.

The import operation also lacks a security nonce to protect against cross-site request forgery (CSRF), in which an attacker causes a logged-in user’s browser to submit requests that the web application trusts but the user never intended.

The second flaw arises because the export operation likewise lacks a capability check and is accessible to all users, authenticated or not.

“An unauthenticated user can export the plugin’s settings, inject JavaScript code into the JSON file and reimport it using the previous vulnerability,” according to NinTechNet.

The vulnerabilities were fixed in version 2.4.2; however, according to the researchers, the missing CSRF check has not been addressed.
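The three defects the researchers describe (no capability check, no nonce, unsanitized imported fields) are a common pattern in WordPress settings handlers. The following is an added illustration, not the plugin’s own code: a hypothetical import handler in its vulnerable shape beside a hardened version that applies all three controls. The option name, nonce action and setting keys are assumptions.

```php
<?php
// Added example (not the plugin's code): a hypothetical WordPress settings import
// handler before and after hardening. Option/nonce/setting names are assumptions.

// BEFORE: reachable by anyone, no CSRF nonce, values stored exactly as received.
function rp_wcdpd_import_settings_vulnerable() {
    if ( isset( $_POST['rp_wcdpd_settings'] ) ) {
        $settings = json_decode( wp_unslash( $_POST['rp_wcdpd_settings'] ), true );
        update_option( 'rp_wcdpd_settings', $settings ); // any HTML/JS ends up on product pages
    }
}

// AFTER: capability check, CSRF nonce, key whitelist and per-field sanitization.
function rp_wcdpd_import_settings_hardened() {
    if ( ! isset( $_POST['rp_wcdpd_settings'] ) ) {
        return;
    }
    // 1. Only users allowed to manage the shop may change pricing settings.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. The nonce ties the request to a form this site rendered for this user (CSRF).
    check_admin_referer( 'rp_wcdpd_import', 'rp_wcdpd_nonce' );

    $raw = json_decode( wp_unslash( $_POST['rp_wcdpd_settings'] ), true );
    if ( ! is_array( $raw ) ) {
        wp_die( 'Invalid settings file.', '', array( 'response' => 400 ) );
    }
    // 3. Keep only known keys and coerce/sanitize each value; unknown keys are dropped.
    $clean = array();
    foreach ( rp_wcdpd_allowed_settings() as $key => $type ) {
        if ( ! array_key_exists( $key, $raw ) ) {
            continue;
        }
        switch ( $type ) {
            case 'bool':  $clean[ $key ] = (bool) $raw[ $key ]; break;
            case 'float': $clean[ $key ] = (float) $raw[ $key ]; break;
            default:      $clean[ $key ] = sanitize_text_field( (string) $raw[ $key ] );
        }
    }
    update_option( 'rp_wcdpd_settings', $clean );
}

// Hypothetical schema: setting key => expected type.
function rp_wcdpd_allowed_settings() {
    return array( 'enabled' => 'bool', 'max_discount' => 'float', 'label' => 'text' );
}
add_action( 'admin_init', 'rp_wcdpd_import_settings_hardened' );
```

Input sanitization does not replace output escaping: any stored setting rendered on a product page should still pass through esc_html() or esc_attr() at the point of output.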

Users of WooCommerce, WordPress’s popular e-commerce platform, are no strangers to patching security issues, and staying current with updates is critical. Last month, for example, WooCommerce pushed emergency fixes for a serious SQL injection flaw in the core platform and a related plugin that was being exploited as a zero-day. That flaw could allow unauthenticated attackers to steal a trove of information from an online store’s database, including everything from customer data and credit card information to staff credentials.
