According to Wordfence researchers, an authentication bypass vulnerability in a popular WordPress plugin. Allows attackers to take complete control of WordPress-powered ecommerce websites.
The Wordfence Threat Intelligence team discovered a vulnerability in the Booster for WooCommerce WordPress plugin. Which has over 80,000 active users.
Booster for WooCommerce is a WooCommerce addon plugin that enhances its functionality by allowing site owners to enable and disable various modules at any time. Moreover, one of the plugin’s modules is the Email Verification module. That requires users to verify their email address after registering on the site.
“Unfortunately, we found that this feature was insecurely implemented. Which made it possible for an attacker to impersonate any user and send a verification request. That could allow the attacker to easily recreate the token needed to “verify” the targeted user’s email. And be automatically logged in as that user.”
“This flaw made it possible for an attacker to log in as any user, as long as certain options were enabled in the plugin,” writes Wordfence’s Chloe Chamberland.
More about plugin’s vulnerability
Chamberland explains that the vulnerability found in the plugin’s Email Verification module. Moreover, which has a CVSS score of 9.8. Moerover, after registering on the site, users must verify their email address with the module.
The module, however, failed to perform the necessary security checks. Moreover, it allowing attackers to send a fake verification request as any user. And essentially log in with the forged identity.
“As such, an attacker could exploit this vulnerability to gain administrative access. On sites running a vulnerable version of the plugin. And effectively take-over the site,” describes Chamberland. More details of the vulnerability is available here.
In addition, the plugin has already been patched with version 5.4.4, and strongly recommended. Moreover, you should update to the most recent version of Booster for WooCommerce. And that is version 5.4.5 at the time of writing.
You may also like:
XSS vulnerability in SEOPress Plugin Could Risk Complete Site Takeover