WooCommerce, the popular e-commerce plugin for the WordPress content management system, has been updated to patch a severe vulnerability that could be exploited without authentication.
Administrators are urged to install the latest release of the platform, since the flaw affects more than 90 versions starting with 5.5.0.
Owned by Automattic, the company behind the WordPress.com blogging service, the WooCommerce plugin has more than 5 million installations.
In a post today, the WooCommerce team says that the bug is critical and that it also affects the WooCommerce Blocks plugin for displaying products on posts and pages.
Both plugins received an update to version 5.5.1. The fix has been rolling out to affected versions (WooCommerce 3.3 through 5.5 and WooCommerce Blocks 2.5 through 5.5).
The vulnerability has yet to receive a tracking number, but its severity score has been calculated at 8.2 out of 10 by Patchstack, a company that protects WordPress sites from plugin vulnerabilities.
Oliver Sild, the founder and CEO of Patchstack, provides some technical details about the bug, noting that the patch eliminates the flaw by modifying two PHP files that allowed injecting malicious code into SQL statements without the need to authenticate.
The injection was possible because of “a webhook search function that injected the search parameter into a SQL query without using a prepared statement.”
Sild explains that despite the use of the sanitize_text_field and esc_like functions, the latter could be used without a prepared statement, which no longer happens in version 5.5.1.
As for the lack of authentication, the researcher says that it was due to improper escaping of the $attributes parameter in a public-facing endpoint that did not require authentication.
“The $attributes parameter in this endpoint (line 86) is taken from the user input and then processed and injected into a SQL query that was not properly escaped,” Sild says.
The researcher clarified further, saying that “the only sanitization against this parameter was the sanitize_title function (through wc_sanitize_taxonomy_name). However, this does not provide sufficient protection.”
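The two findings above share one root cause: sanitize_text_field, esc_like and sanitize_title clean input for other contexts, but none of them makes a value safe to splice into SQL; only a prepared statement does that. The PHP below is an added illustration, not WooCommerce's code or the patched files, and its table name, column names and function names are hypothetical placeholders.

```php
<?php
// Added illustration of the pattern the article describes; not WooCommerce's
// own code. The table "example_webhooks" and both functions are hypothetical.

// Weak pattern: sanitize_text_field() strips tags and stray whitespace, and
// $wpdb->esc_like() escapes only the LIKE wildcards (% and _) and the
// backslash. Neither escapes the single quote that delimits the SQL string
// literal, so the search term can still alter the structure of the query.
function search_webhooks_unsafe( $search ) {
    global $wpdb;
    $term = $wpdb->esc_like( sanitize_text_field( $search ) );
    $sql  = "SELECT webhook_id, name FROM {$wpdb->prefix}example_webhooks"
          . " WHERE name LIKE '%{$term}%'";
    return $wpdb->get_results( $sql );
}

// Hardened pattern: the wildcard-escaped term is bound through a %s
// placeholder, so $wpdb->prepare() quotes and escapes it and the database
// treats it purely as data. esc_like() is still applied, but only so that a
// literal % or _ typed by the user does not act as a wildcard. The wildcards
// belong in the argument, not the query text, because a literal % in a
// prepare() format string must be written as %%.
function search_webhooks_safe( $search ) {
    global $wpdb;
    $term = '%' . $wpdb->esc_like( sanitize_text_field( $search ) ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT webhook_id, name FROM {$wpdb->prefix}example_webhooks WHERE name LIKE %s",
        $term
    );
    return $wpdb->get_results( $sql );
}
```

The same rule applies to the $attributes case: a slug sanitizer such as sanitize_title constrains the characters of a taxonomy name, but a value built from user input should still reach the query through $wpdb->prepare() placeholders.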
Affected WooCommerce installations are currently receiving the patch automatically with the help of the WordPress.org Plugin Team. Sites on the WordPress.com blogging platform have already received the fix.
At the same time, the WooCommerce team sent out an email informing users about the vulnerability and that applying the update is a critical precaution.
An attacker taking advantage of this SQL injection flaw could obtain store-related information, administrative details, and data about orders and customers.
Patchstack has not seen any attempts to exploit this vulnerability in the wild, but threat actors may jump on the opportunity before the fix reaches more sites.
WooCommerce strongly recommends updating to the latest version, followed by changing the passwords.
The developers learned about the bug after a security researcher named Josh reported it through Automattic’s bug bounty program on HackerOne. According to the rewards data for the program, and given that WooCommerce marked the flaw as critical, the researcher stands to get a $500 bounty.