WordPress WooCommerce 2.2.10 Cross Site Scripting

2015-02-19T00:00:00
ID PACKETSTORM:130458
Type packetstorm
Reporter Eric Flokstra
Modified 2015-02-19T00:00:00

Description

                                        
                                            `====================================================  
Product: WooCommerce WordPress plugin  
Vendor: WooThemes  
Tested Version: 2.2.10  
Vulnerability Type: Cross-Site Scripting [CWE-79]  
Risk Level: Medium  
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Solution Status: Solved in version 2.2.11  
Discovered and Provided: Eric Flokstra - ITsec Security Services  
====================================================  
[-] About the Vendor:  
  
WooCommerce is a popular open source WordPress e-commerce plugin with   
around 6.2 million downloads.It is built by WooThemes and designed for   
small to large-sized online merchants.  
  
[-] Advisory Details:  
  
The WooCommerce plugin gives users the ability to see their stores   
performance from month to month using graphs and stats. However   
insufficient validation on the request retrieving the reports is   
performed, enabling remote execution of arbitrary scripting code in the   
target's web browser. This scripting code will be executed within the   
security context of the WordPress admin panel.  
  
[-] Proof of Concept:  
  
http://example.com/wordpress/wp-admin/admin.php?page=wc-reports&"><script>alert('ITsec')</script   
<http://example.com/wordpress/wp-admin/admin.php?page=wc-reports&%E2%80%9D%3e%3cscript%3ealert%28%27ITsec%27%29%3c/script>>   
  
  
[-] Disclosure Timeline:  
  
[28 Jan 2015]: Vendor notification  
[29 Jan 2015]: Vulnerability confirmation  
[29 Jan 2015]: Vulnerability patched  
[19 Feb 2015]: Public disclosure  
  
[-] Solution:  
  
Update to version 2.2.11.  
  
[-] References:  
  
[1] WooCommerce Changelog --   
https://wordpress.org/plugins/woocommerce/changelog/  
[2] Common Vulnerabilities and Exposures (CVE) -- http://cve.mitre.org  
[3] Common Weakness Enumeration (CWE) -- http://cwe.mitre.org  
[4] ITsec Security Services BV -- http://www.itsec.nl  
  
------------------------------------------------------------------------  
ITsec Security Services bv. (KvK. 34181927)  
  
Postal Address:  
P.O. Box 5120, 2000GC Haarlem  
Visitors Address:   
Kenaupark 23, 2011 MR Haarlem  
  
Phone: +31 - (0)23 542 05 78  
  
The information contained in this email communication is confidential and is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient, you are hereby notified that any disclosure, copying,distribution, or taking any action in reliance of the contents of this information is strictly prohibited and may be unlawful. No rights may be attached to this message. ITsec does not accept any liability for incorrect and incomplete transmission or delayed receipt of this e-mail nor for the effects or damages caused by the direct or indirect use of the information or functionality provided by this posting, nor the content contained within.Use them at your own risk.  
  
  
  
`