More Bugs Discovered In Discount Rules for WooCommerce Plugin

It hasn’t been long since we heard of multiple security bugs in the Discount Rules for WooCommerce Plugin. Yet, recently, researchers discovered some more vulnerabilities in the same plugin.

Bugs In Discount Rules for WooCommerce Plugin

Team Wordfence has found numerous bugs affecting the Discount Rules for WooCommerce Plugin. As elaborated in their recent post, they found multiple stored Cross-Site Scripting (XSS) flaws leading to authorization bypass.

Briefly, the vulnerabilities affected the “v2” and “v1” codebases of the plugin as well as the functionality to switch between the two codebases.

The bugs existed because of a lack of capability checks. Hence, they could allow any site visitor to modify, add, or delete discount rules or view coupons.

The difference between the “v2” and “v1” bugs was that the latter required an attacker to be signed in. Also, the bugs affected more functions.

According to the researchers,

“In addition to allowing attackers to view all available coupons on a site and activate, duplicate, and delete discount rules, at least two of the actions, savePriceRule and saveCartRule were also vulnerable to stored Cross-Site Scripting (XSS) in several of the rule fields.”
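The class of flaw described above (a rule-saving action with no capability check that stores its fields unsanitized) looks like this in generic WordPress terms. This is an added illustration, not the plugin's code: the `example_*` function names, action names, option name and field names are hypothetical, and `manage_woocommerce` is assumed to be the appropriate capability.

```php
<?php
// Added illustration; all example_* names are hypothetical, not the plugin's code.

// BEFORE (shown for contrast only): reachable by logged-out visitors,
// no capability or nonce check, and the title is stored exactly as submitted.
add_action('wp_ajax_example_save_rule', 'example_save_rule_unsafe');
add_action('wp_ajax_nopriv_example_save_rule', 'example_save_rule_unsafe');

function example_save_rule_unsafe() {
    $rules   = get_option('example_discount_rules', array());
    $rules[] = array(
        'title'   => $_POST['title'],   // raw markup is stored and rendered later
        'percent' => $_POST['percent'],
    );
    update_option('example_discount_rules', $rules);
    wp_send_json_success();
}

// AFTER: authenticated hook only, capability check, nonce check, sanitized input.
add_action('wp_ajax_example_save_rule_v2', 'example_save_rule_safe');

function example_save_rule_safe() {
    // Authorization: only users allowed to manage the shop may change rules.
    if (!current_user_can('manage_woocommerce')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }
    // CSRF: the request must carry a nonce issued for this action.
    check_ajax_referer('example_save_rule', 'nonce');

    $title   = isset($_POST['title']) ? sanitize_text_field(wp_unslash($_POST['title'])) : '';
    $percent = isset($_POST['percent']) ? (float) wp_unslash($_POST['percent']) : 0.0;
    if ($title === '' || $percent < 0 || $percent > 100) {
        wp_send_json_error(array('message' => 'Invalid rule'), 400);
    }

    $rules   = get_option('example_discount_rules', array());
    $rules[] = array('title' => $title, 'percent' => $percent);
    update_option('example_discount_rules', $rules);
    wp_send_json_success();
}

// Output side: escape again wherever the stored value is rendered.
function example_render_rule_title(array $rule) {
    echo '<td>' . esc_html($rule['title']) . '</td>';
}
```

The capability check and the nonce check address different problems: the first stops unauthorized users, the second stops forged requests made through an authorized user's browser.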

Patch Rolled Out

The researchers found the bugs while working on their firewall to address the previously known plugin vulnerabilities. They reported the bugs to the developers on August 21, 2020, who released an initial patch on August 22, 2020. This patch prevented users from switching between the “v1” and “v2” codebases.

After that, they released a large fix addressing most bugs on September 2, 2020. However, they still missed patching the CSRF vulnerability affecting the version switching functionality.

Later, on September 9, 2020, they deployed a third fix to address all the bugs.

All users must therefore update their sites to the latest Discount Rules for WooCommerce version, 2.2.1, as soon as possible.

In August, another team of researchers discovered multiple vulnerabilities in the WooCommerce plugin. The bugs also came under attack soon after disclosure.
