WordPress Plugin Vulnerabilities

Discount Rules for WooCommerce < 2.1.0 - Multiple Vulnerabilities

Description

The Discount Rules for WooCommerce plugin (versions below 2.1.0) suffers from multiple vulnerabilities such as SQL injection, authorization issues and unauthenticated stored cross-site scripting.

The issues in this plugin are caused due to a lack of authorization and nonce token check. The plugin registers several AJAX actions of which one, wp_ajax_wdr_ajax, handles a bulk of different AJAX actions which are supposedly only be accessed by administrators.

Unfortunately this AJAX action is also registered as wp_ajax_nopriv_wdr_ajax. Even if wp_ajax_nopriv_wdr_ajax was not registered, authenticated users could still exploit this since wp_ajax_wdr_ajax does not perform any type of authorization or CSRF check.

Particularly the wdr_ajax_save_configuration method that can be executed in this AJAX action can cause significant damage to the site as it allows you to write any type of HTML or JavaScript to any template hook of the site, including wp-admin.

Affects Plugins

Plugin icon
woo-discount-rules
Fixed in 2.1.0

References

URL
https://www.webarxsecurity.com/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin/

Miscellaneous

Original Researcher
Dave
Submitter
WebARX
Submitter website
https://www.webarxsecurity.com
Submitter twitter
webarx_security
Verified
No
WPVDB ID
f9048083-69aa-46d4-823d-1c9a1221513e

Timeline

Publicly Published
2020-08-20 (about 5 years ago)
Added
2020-08-20 (about 5 years ago)
Last Updated
2020-08-21 (about 5 years ago)

Other

Published
Title
Published
2015-05-13
Title
Media File Manager Advanced <= 1.1.5 - Multiple Vulnerabilites
Published
2020-03-12
Title
Popup Builder < 3.64.1 - Multiple Issues
Published
2014-12-31
Title
twitterDash 2.1 - CSRF & XSS
Published
2015-09-17
Title
xPinner Lite <= 2.2 - Cross-Site Scripting (XSS) & CSRF
Published
2019-01-10
Title
Ninja Forms < 3.3.21.3 - XSS and SQLi