CVE-2024-12278
📋 TL;DR
The Booster for WooCommerce WordPress plugin has a stored cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to inject malicious scripts into website pages. These scripts execute whenever users visit compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using this plugin up to version 7.2.5 are affected.
💻 Affected Systems
- Booster for WooCommerce WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, install backdoors, deface the website, or redirect users to malicious sites.
Likely Case
Attackers inject malicious JavaScript to steal user session cookies, redirect users to phishing pages, or display unwanted advertisements.
If Mitigated
With proper web application firewalls and input validation, the risk is reduced to minimal impact with potential script injection but limited execution.
🎯 Exploit Status
The vulnerability is in data sanitization functions, making exploitation straightforward for attackers with basic web security knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.2.6
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3262569/woocommerce-jetpack/trunk/includes/functions/wcj-functions-general.php
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Booster for WooCommerce' and click 'Update Now'. 4. Verify the plugin version is 7.2.6 or higher.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
allDisable the vulnerable plugin until patching is possible
wp plugin deactivate woocommerce-jetpack
Web Application Firewall Rules
allImplement WAF rules to block XSS payloads targeting the vulnerable endpoints
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to limit script execution
- Enable WordPress security plugins with XSS protection features
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in WordPress admin under Plugins → Installed Plugins. If version is 7.2.5 or lower, the site is vulnerable.Check Version:
wp plugin get woocommerce-jetpack --field=versionVerify Fix Applied:
After updating, verify the plugin shows version 7.2.6 or higher in the WordPress plugins list.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to comment or content submission endpoints
- JavaScript payloads in request parameters
- Multiple failed XSS attempts
Network Indicators:
- HTTP requests containing script tags or JavaScript code in parameters
- Unusual traffic patterns to WordPress comment/post endpoints
SIEM Query:
source="wordpress.log" AND ("script" OR "javascript" OR "onload" OR "onerror") AND ("POST" OR "PUT")🔗 References
- https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/functions/wcj-functions-general.php#L1015
- https://plugins.trac.wordpress.org/changeset/3262569/woocommerce-jetpack/trunk/includes/functions/wcj-functions-general.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/234789db-1440-40ac-83e7-b8afb0ba4b5f?source=cve
