Vulnerabilities found in five WooCommerce WordPress plugins, which have a combined total of more than 135,000 installs
The United States government's National Vulnerability Database (NVD) has published entries for security flaws in five WooCommerce WordPress plugins, affecting more than 135,000 installations in total.
The most severe of them, an unauthenticated SQL injection, is rated 9.8 (Critical) on the 10-point CVSS scale.
Each vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) identifier, the standard reference number given to a publicly disclosed vulnerability.
1. Advanced Order Export For WooCommerce
Websites running the Advanced Order Export For WooCommerce plugin, which has more than 100,000 installations, are exposed to a Cross-Site Request Forgery (CSRF) attack.
A Cross-Site Request Forgery (CSRF) vulnerability arises when a plugin performs an action on a request without verifying that the logged-in user actually intended to make it.
The browser automatically attaches a site's session cookies to any request sent to that site, including requests triggered by a page the attacker controls, so a forged request runs with whatever privileges the victim holds. If the victim is an administrator, the attacker's action executes with administrator privileges; depending on the action, that can expose customer data or open the door to further compromise.
In this case the forged request leads to the download of an export file. The NVD description does not say which file an attacker could obtain.
Since the plugin's purpose is exporting WooCommerce order data, it is reasonable to assume that order data is what could be exfiltrated.
The official description of the vulnerability is as follows:
“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin versions prior to and including 3.3.2 on WordPress leading to export file download.”
All versions of Advanced Order Export For WooCommerce up to and including 3.3.2 are affected.
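As an added illustration, not code from Advanced Order Export For WooCommerce or from any other plugin named in this article, the following shows the pattern behind a CSRF flaw of this kind and its fix in WordPress plugin code: an admin-side export action that trusts the session cookie alone, next to one that requires a nonce bound to the user's session and a capability check. The hook, function and nonce names (acme_*) are hypothetical; manage_woocommerce is WooCommerce's shop-manager capability. The same fix applies to the CSRF findings in the plugins described below.

```php
<?php
/**
 * Added example, not code from Advanced Order Export For WooCommerce or any
 * other plugin named in the article. Hook, function and nonce names (acme_*)
 * are hypothetical; manage_woocommerce is WooCommerce's shop-manager capability.
 */

// ---- Vulnerable pattern ------------------------------------------------------
// admin_post_* handlers run for any logged-in user. This one checks nothing else,
// so a page on attacker.example containing
//   <form action="https://shop.example/wp-admin/admin-post.php" method="POST">
//     <input type="hidden" name="action" value="acme_export_orders_vulnerable">
//   </form><script>document.forms[0].submit()</script>
// makes a visiting administrator's browser submit the request with the admin's
// session cookie attached, and the export runs.
add_action( 'admin_post_acme_export_orders_vulnerable', 'acme_export_orders_vulnerable' );
function acme_export_orders_vulnerable() {
    acme_stream_orders_csv();
}

// ---- Hardened pattern --------------------------------------------------------
// 1. Nonce: check_admin_referer() verifies a token that is bound to the current
//    user's session and to this action. A cross-origin page cannot read it, so
//    the forged form above fails the check and wp_die() ends the request.
// 2. Capability: a nonce only proves intent, not authorization, so the caller
//    must also hold the right to export orders.
add_action( 'admin_post_acme_export_orders', 'acme_export_orders' );
function acme_export_orders() {
    check_admin_referer( 'acme_export_orders', 'acme_export_nonce' );

    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( esc_html__( 'You are not allowed to export orders.', 'acme' ), 403 );
    }

    acme_stream_orders_csv();
}

// The legitimate trigger: an admin-page form carrying the matching nonce field.
function acme_render_export_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="acme_export_orders">
        <?php wp_nonce_field( 'acme_export_orders', 'acme_export_nonce' ); ?>
        <?php submit_button( __( 'Export orders', 'acme' ) ); ?>
    </form>
    <?php
}

// Shared worker: streams order ID, total and billing e-mail as CSV through the
// WooCommerce wc_get_orders() API, then ends the request.
function acme_stream_orders_csv() {
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="orders.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'order_id', 'total', 'billing_email' ) );
    foreach ( wc_get_orders( array( 'limit' => -1 ) ) as $order ) {
        fputcsv( $out, array( $order->get_id(), $order->get_total(), $order->get_billing_email() ) );
    }
    fclose( $out );
    exit;
}
```

Two points worth keeping in mind when reviewing plugin code for this class of bug: a WordPress nonce is valid for up to 24 hours and is tied to the user, not to a single request, so it is a CSRF defence and nothing more; and admin_post_* and wp_ajax_* hooks fire for every logged-in role, so the capability check is what stops a subscriber account from calling the action directly.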
2. Advanced Dynamic Pricing for WooCommerce
The second affected plugin is Advanced Dynamic Pricing for WooCommerce, installed on more than 20,000 sites.
Two Cross-Site Request Forgery (CSRF) vulnerabilities were found in it, affecting versions 4.1.5 and earlier.
The plugin's purpose is to simplify building pricing and discount rules for online stores.
The first, CVE-2022-43488, can lead to a "rule type migration".
That wording is vague; one plausible reading is that a forged request can alter the plugin's pricing rules.
The official description submitted to the NVD reads:
“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin versions lower than or equal to 4.1.5 on WordPress leading to rule type migration.”
The second CSRF vulnerability in Advanced Dynamic Pricing for WooCommerce is tracked as CVE-2022-43491.
Its official NVD description reads:
“Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin versions lower than or equal to 4.1.5 on WordPress leading to plugin settings import.”
3. Advanced Coupons for WooCommerce Coupons
The third affected plugin, Advanced Coupons for WooCommerce Coupons, has more than 10,000 installations.
All versions older than 4.5.01 are affected by a CSRF vulnerability found during testing of the plugin.
4. WooCommerce Dropshipping by OPMC
The fourth affected plugin is WooCommerce Dropshipping by OPMC, with more than 3,000 installations.
Versions older than 4.4 contain an unauthenticated SQL injection vulnerability rated 9.8 (Critical) on the 10-point scale.
SQL injection lets an attacker run their own queries against the WordPress database: reading sensitive data such as customer records, modifying or deleting tables, or granting themselves administrator rights. Because this endpoint accepts requests from unauthenticated users, no account on the site is needed to exploit it.
The NVD describes the vulnerability as follows:
“The WooCommerce Dropshipping WordPress plugin versions prior to 4.4 do not appropriately sanitize and escape a parameter before utilizing it in a SQL statement via a REST endpoint that is open to unauthenticated users, leading to a SQL injection.”
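As an added example, not the WooCommerce Dropshipping plugin's code, here is a REST endpoint in the shape the NVD text describes (reachable without authentication, with a request parameter concatenated into SQL) next to a hardened version that restricts access, validates the parameter and parameterizes the query with $wpdb->prepare(). The route, table and parameter names (acme_*) are hypothetical.

```php
<?php
/**
 * Added example, not the WooCommerce Dropshipping plugin's code. Route
 * namespace, table name and parameter name (acme_*) are hypothetical.
 */
add_action( 'rest_api_init', function () {

    // ---- Vulnerable: open to everyone, parameter spliced into the SQL text. ----
    // GET /wp-json/acme/v1/vuln/suppliers?name=x' UNION SELECT ID,user_login,user_pass FROM wp_users-- -
    // closes the string literal and appends the attacker's own SELECT, so an
    // anonymous caller reads any table the database user can see.
    register_rest_route( 'acme/v1', '/vuln/suppliers', array(
        'methods'             => 'GET',
        'permission_callback' => '__return_true',
        'callback'            => function ( WP_REST_Request $request ) {
            global $wpdb;
            $name = $request->get_param( 'name' );
            $sql  = "SELECT id, name, email FROM {$wpdb->prefix}acme_suppliers WHERE name = '" . $name . "'";
            return rest_ensure_response( $wpdb->get_results( $sql, ARRAY_A ) );
        },
    ) );

    // ---- Hardened ----------------------------------------------------------------
    register_rest_route( 'acme/v1', '/suppliers', array(
        'methods'             => 'GET',
        // 1. Authorization: supplier data is not public, so require a capability.
        'permission_callback' => function () {
            return current_user_can( 'manage_woocommerce' );
        },
        // 2. Declare the parameter so the REST layer rejects bad input before the
        //    callback runs, and sanitizes what it accepts.
        'args'                => array(
            'name' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_text_field',
                'validate_callback' => function ( $value ) {
                    return is_string( $value ) && strlen( $value ) <= 100;
                },
            ),
        ),
        'callback'            => function ( WP_REST_Request $request ) {
            global $wpdb;
            // 3. Parameterize: prepare() quotes and escapes the %s placeholder, so
            //    the value can never change the structure of the statement.
            $sql  = $wpdb->prepare(
                "SELECT id, name, email FROM {$wpdb->prefix}acme_suppliers WHERE name = %s",
                $request->get_param( 'name' )
            );
            $rows = $wpdb->get_results( $sql, ARRAY_A );
            if ( '' !== $wpdb->last_error ) {
                return new WP_Error( 'acme_db_error', 'Query failed', array( 'status' => 500 ) );
            }
            return rest_ensure_response( $rows );
        },
    ) );
} );
```

The permission_callback and the prepared statement are independent fixes and both are needed: the first closes the "unauthenticated" half of the finding, the second the injection itself. Sanitizing alone is not a substitute for prepare(), since sanitize_text_field() strips tags and control characters but leaves quotes intact.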
5. Role Based Pricing for WooCommerce
The Role Based Pricing for WooCommerce plugin, with around 2,000 active installations, has two vulnerabilities that combine missing authorization and CSRF checks with unsafe file handling.
As described for the earlier plugins, a CSRF attack relies on tricking an administrator or other logged-in user into clicking a link or visiting a page that submits the forged request, which then runs with that user's privileges on the site. Here the missing checks are compounded by a lack of file and path validation, so even a low-privileged account such as a subscriber can trigger the vulnerable actions directly.
The vulnerability is rated 8.8 (High).
The NVD description of the first vulnerability warns:
“The Role Based Pricing for WooCommerce WordPress plugin before version 1.6.2 does not have authorization and adequate CSRF checks. It also does not validate files to be uploaded, which allows any authenticated users, such as a subscriber, to submit arbitrary files, such as PHP.”
The official NVD description of the second vulnerability reads:
“The Role Based Pricing for WooCommerce WordPress plugin before version 1.6.3 does not have authorization and proper CSRF checks. In addition, it does not validate the path given via user input, which enables any authenticated users such as subscribers to carry out PHAR deserialization attacks when they are able to upload a file and a suitable gadget chain is available on the blog.”
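The two NVD entries above describe three gaps in one upload path: no authorization or CSRF check, no validation of the uploaded file, and a user-supplied path handed to a filesystem function, which is what turns an uploaded file into a PHAR deserialization primitive. As an added example, not the Role Based Pricing plugin's code, here is an "import pricing rules" admin-ajax handler with all three gaps, followed by a hardened version. Hook, option and function names (acme_*) are hypothetical.

```php
<?php
/**
 * Added example, not the Role Based Pricing for WooCommerce plugin's code.
 * Hook, option and function names (acme_*) are hypothetical.
 */

// ---- Vulnerable ---------------------------------------------------------------
add_action( 'wp_ajax_acme_import_rules_vulnerable', function () {
    // wp_ajax_* runs for any logged-in user, subscribers included; with no nonce
    // check, a forged cross-site POST from a victim's browser also lands here.
    $dest = wp_upload_dir()['basedir'] . '/' . $_FILES['rules']['name'];
    move_uploaded_file( $_FILES['rules']['tmp_name'], $dest );   // "rules.php" is now web-reachable
    // A path such as phar:///.../uploads/rules.csv/x makes file_exists() parse the
    // uploaded file as a PHAR archive and unserialize its metadata: that is the
    // deserialization attack, and it needs no PHP file at all.
    if ( file_exists( $_POST['path'] ) ) {
        update_option( 'acme_rules_path', $_POST['path'] );
    }
    wp_send_json_success();
} );

// ---- Hardened -----------------------------------------------------------------
add_action( 'wp_ajax_acme_import_rules', function () {
    // 1. CSRF and authorization. check_ajax_referer() ends the request on a bad nonce.
    check_ajax_referer( 'acme_import_rules', 'nonce' );
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    if ( empty( $_FILES['rules'] ) || UPLOAD_ERR_OK !== $_FILES['rules']['error'] ) {
        wp_send_json_error( 'no file', 400 );
    }

    // 2. File validation. wp_handle_upload() checks the extension against the
    //    file's content, accepts only the MIME types listed here, sanitizes the
    //    name and stores the file under the uploads directory. A PHP file is refused.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $upload = wp_handle_upload( $_FILES['rules'], array(
        'test_form' => false,
        'mimes'     => array( 'csv' => 'text/csv' ),
    ) );
    if ( isset( $upload['error'] ) ) {
        wp_send_json_error( $upload['error'], 400 );
    }

    // 3. Path validation. Use only the path WordPress returned, never a
    //    user-supplied one, and confirm it is a plain file inside uploads.
    if ( ! acme_is_plain_file_in_uploads( $upload['file'] ) ) {
        wp_send_json_error( 'bad path', 400 );
    }
    update_option( 'acme_rules_path', $upload['file'] );
    wp_send_json_success( array( 'file' => basename( $upload['file'] ) ) );
} );

/**
 * Rejects stream wrappers (phar://, php://, data:, ...) before any filesystem
 * call sees the string, then requires the resolved path to sit below the
 * uploads base directory.
 */
function acme_is_plain_file_in_uploads( $path ) {
    if ( ! is_string( $path ) || preg_match( '#^[a-z][a-z0-9+.\-]*://#i', $path ) ) {
        return false;
    }
    $base = wp_normalize_path( realpath( wp_upload_dir()['basedir'] ) );
    $real = realpath( $path );
    if ( false === $real ) {
        return false;
    }
    $real = wp_normalize_path( $real );
    return 0 === strpos( $real, trailingslashit( $base ) ) && is_file( $real );
}
```

The wrapper check is the part that addresses the second CVE specifically: file_exists(), is_file(), filesize() and similar calls trigger PHAR metadata unserialization when given a phar:// path, so a string the user controls must never reach them unfiltered, even if the upload itself has been restricted to harmless file types.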
Recommended action
Updating affected plugins promptly is standard practice. Take a backup of the site before changing any plugin and, where possible, apply and test the update on a staging copy of the site before touching production.
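The first check a site owner wants is whether an installed version falls inside one of the affected ranges. The following stand-alone PHP script, added here and not part of the article's source, encodes the ranges quoted from the NVD above and compares them with version_compare(), the function WordPress core itself uses for plugin versions. The installed list is constructed sample data (in practice, pass it the JSON from `wp plugin list --format=json`), and the plugin slugs are assumed and should be verified against that output.

```php
<?php
/**
 * Added example, not part of the article or any plugin. Usage:
 *   php check-plugins.php                  (uses the constructed sample below)
 *   wp plugin list --format=json > p.json && php check-plugins.php p.json
 * Slugs are ASSUMED; verify them against your own `wp plugin list` output.
 */

// Affected ranges, one entry per NVD statement quoted in the article. 'op' is the
// relation the installed version must satisfy to be affected.
$affected = array(
    array( 'slug' => 'woo-order-export-lite',                    'name' => 'Advanced Order Export For WooCommerce',   'op' => '<=', 'version' => '3.3.2' ),
    array( 'slug' => 'advanced-dynamic-pricing-for-woocommerce', 'name' => 'Advanced Dynamic Pricing for WooCommerce', 'op' => '<=', 'version' => '4.1.5' ),
    array( 'slug' => 'advanced-coupons-for-woocommerce-free',    'name' => 'Advanced Coupons for WooCommerce Coupons', 'op' => '<',  'version' => '4.5.01' ),
    array( 'slug' => 'woocommerce-dropshipping',                 'name' => 'WooCommerce Dropshipping',                 'op' => '<',  'version' => '4.4' ),
    array( 'slug' => 'role-based-pricing-for-woocommerce',       'name' => 'Role Based Pricing for WooCommerce',       'op' => '<',  'version' => '1.6.3' ),
);

/**
 * True when "$installed $op $boundary" holds. version_compare() splits on dots
 * and compares numeric parts as integers, so 4.5.1 and 4.5.01 are equal, which
 * matches how WordPress core reads the "older than 4.5.01" range.
 */
function acme_is_affected( $installed, $op, $boundary ) {
    return version_compare( $installed, $boundary, $op );
}

/**
 * $installed: array of array('name' => slug, 'version' => string), the shape of
 * `wp plugin list --format=json`. Returns one message per matching advisory.
 */
function acme_find_affected( array $installed, array $affected ) {
    $hits = array();
    foreach ( $installed as $plugin ) {
        foreach ( $affected as $adv ) {
            if ( $plugin['name'] === $adv['slug']
                 && acme_is_affected( $plugin['version'], $adv['op'], $adv['version'] ) ) {
                $hits[] = sprintf( '%s %s is affected (%s %s)', $adv['name'], $plugin['version'], $adv['op'], $adv['version'] );
            }
        }
    }
    return $hits;
}

// Constructed sample standing in for `wp plugin list --format=json` output.
$sample_json = '[
    {"name":"woo-order-export-lite","status":"active","version":"3.3.2"},
    {"name":"advanced-dynamic-pricing-for-woocommerce","status":"active","version":"4.1.6"},
    {"name":"advanced-coupons-for-woocommerce-free","status":"active","version":"4.5.1"},
    {"name":"woocommerce-dropshipping","status":"inactive","version":"4.3.2"},
    {"name":"role-based-pricing-for-woocommerce","status":"active","version":"1.6.2"}
]';

$json      = isset( $argv[1] ) ? file_get_contents( $argv[1] ) : $sample_json;
$installed = json_decode( $json, true );
if ( ! is_array( $installed ) ) {
    fwrite( STDERR, "Could not parse plugin list as JSON\n" );
    exit( 2 );
}

$hits = acme_find_affected( $installed, $affected );
foreach ( $hits as $line ) {
    echo $line, "\n";
}
exit( $hits ? 1 : 0 );
```

Note that an inactive plugin is still reported: a plugin's PHP files are reachable on disk whether or not it is activated, so "inactive" is not a reason to skip the update. The Role Based Pricing entry uses 1.6.3 as the boundary because that release covers both of its CVEs.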