The preferred Dynamic Pricing and Reductions plugin from Envato can be exploited by unauthenticated attackers.
A pair of security vulnerabilities in the WooCommerce Dynamic Pricing and Reductions plugin from Envato could allow for unauthenticated attackers to inject destructive code into internet sites managing unpatched versions. This can consequence in a variety of attacks, like web-site redirections to phishing internet pages, insertion of malicious scripts on product or service internet pages and much more.
The plugin, which has 19,700+ revenue on Envato Current market, delivers a wide range of pricing and promotion applications for on the net retailers, including special presents, bulk pricing, tiered pricing, bundle pricing, offers of the day, flash income, wholesale pricing, member pricing, individual pricing, loyalty systems, behavioral pricing, locale-primarily based pricing and so on. It also supports conditional value improve and more charges.
According to researchers at the Ninja Systems Network, the two unauthenticated vulnerabilities impact model 2.4.1 and beneath. The very first is a higher-severity stored cross-web page scripting (XSS) bug the second is a medium-severity settings export challenge.
The XSS bug exists in the __construct approach of the “wc-dynamic-pricing-and-special discounts/lessons/rp-wcdpd-options.class.php” script, according to a Tuesday writeup from NinTechNet.
Also, the import operate lacks a security nonce to avert against cross-web site request forgery (CSRF) attacks, exactly where a person can submit unauthorized instructions from a website that the web software trusts.
The 2nd bug exists due to the fact a main export functionality lacks a functionality check and is available to absolutely everyone, authenticated or not.
“An unauthenticated person can export the plugin’s settings, inject JavaSript code into the JSON file and reimport it working with the former vulnerability,” according to NinTechNet.
The issues are patched in version 2.4.2, while the CSRF check out is continue to not preset, scientists warned.
Customers of WooCommerce, the well-known e-commerce platform for WordPress, are no strangers to obtaining to patch security problems, and it is significant to hold on top rated of patching. Past month for instance WooCommerce rushed unexpected emergency fixes for a critical SQL-injection security vulnerability in the main system and a related plugin that experienced been underneath attack as a zero-day bug, for instance. The bug could make it possible for unauthenticated cyberattackers to make off with scads of facts from an on the web store’s database – nearly anything from shopper knowledge and payment-card information to worker qualifications.
Test out our free upcoming live and on-demand webinar functions – one of a kind, dynamic discussions with cybersecurity specialists and the Threatpost local community.
Some parts of this write-up are sourced from: