The preferred Dynamic Pricing and Reductions plugin from Envato can be exploited by unauthenticated attackers.
A pair of security vulnerabilities in the WooCommerce Dynamic Pricing and Reductions plugin from Envato could allow for unauthenticated attackers to inject destructive code into internet sites managing unpatched versions. This can consequence in a variety of attacks, like web-site redirections to phishing internet pages, insertion of malicious scripts on product or service internet pages and much more.
The plugin, which has 19,700+ revenue on Envato Current market, delivers a wide range of pricing and promotion applications for on the net retailers, including special presents, bulk pricing, tiered pricing, bundle pricing, offers of the day, flash income, wholesale pricing, member pricing, individual pricing, loyalty systems, behavioral pricing, locale-primarily based pricing and so on. It also supports conditional value improve and more charges.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
According to researchers at the Ninja Systems Network, the two unauthenticated vulnerabilities impact model 2.4.1 and beneath. The very first is a higher-severity stored cross-web page scripting (XSS) bug the second is a medium-severity settings export challenge.
The XSS bug exists in the __construct approach of the “wc-dynamic-pricing-and-special discounts/lessons/rp-wcdpd-options.class.php” script, according to a Tuesday writeup from NinTechNet.
“It lacks a capacity verify and a security nonce and therefore is obtainable to everyone, authenticated or not,” researchers explained. “An unauthenticated user can import the plugin’s options. Since some fields aren’t sanitized, the attacker can inject JavaScript code into the imported JSON-encoded file.”
If thriving, the code will be executed on each individual product page of the WooCommerce e-shop, they additional. On top of that, attackers could substitute JavaScript code with any HTML tags, these as a Meta Refresh tag, which could be used to redirect guests and shoppers to a malicious web page.
Also, the import operate lacks a security nonce to avert against cross-web site request forgery (CSRF) attacks, exactly where a person can submit unauthorized instructions from a website that the web software trusts.
The 2nd bug exists due to the fact a main export functionality lacks a functionality check and is available to absolutely everyone, authenticated or not.
“An unauthenticated person can export the plugin’s settings, inject JavaSript code into the JSON file and reimport it working with the former vulnerability,” according to NinTechNet.
The issues are patched in version 2.4.2, while the CSRF check out is continue to not preset, scientists warned.
Customers of WooCommerce, the well-known e-commerce platform for WordPress, are no strangers to obtaining to patch security problems, and it is significant to hold on top rated of patching. Past month for instance WooCommerce rushed unexpected emergency fixes for a critical SQL-injection security vulnerability in the main system and a related plugin that experienced been underneath attack as a zero-day bug, for instance. The bug could make it possible for unauthenticated cyberattackers to make off with scads of facts from an on the web store’s database – nearly anything from shopper knowledge and payment-card information to worker qualifications.
Test out our free upcoming live and on-demand webinar functions – one of a kind, dynamic discussions with cybersecurity specialists and the Threatpost local community.
Some parts of this write-up are sourced from:
threatpost.com