The Booster for WooCommerce WordPress plugin (versions before 5.6.7), Booster Plus for WooCommerce WordPress plugin (versions before 5.6.5), and Booster Elite for WooCommerce WordPress plugin (versions before 1.1.7) have a critical Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability allows attackers to trick a logged-in shop manager or admin into deleting files uploaded at the checkout stage, potentially causing data loss or disruption of e-commerce operations.

Description of the Vulnerability

The vulnerability exists because the plugin performs no CSRF check when deleting files uploaded during the checkout process. If an attacker can convince a logged-in shop manager or administrator to click a malicious link, the resulting request runs with the victim's privileges and performs an action the victim never intended, leading to the deletion of crucial files.

Here is a code snippet taken from the vulnerable plugin that highlights the lack of CSRF protection:

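function delete_file_callback() {
    // Vulnerable as shown: no nonce verification (e.g. check_ajax_referer())
    // and no capability check run before the deletion, so a forged request
    // is handled exactly like a legitimate one.
    // The file name is taken directly from the request.
    $file_name = $_POST['file_name'];
    $upload_dir = wp_get_upload_dir();
    $path = $upload_dir['basedir'] . '/booster-for-woocommerce-uploads/' . $file_name;
    if ( file_exists( $path ) ) {
        // The file is removed without confirming the request was intentional.
        unlink( $path );
    }
    die();
}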
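
A hardened form of the handler above, as an added example (not the plugin's actual patch and not code from the original page). The nonce action `example_delete_file`, the `_wpnonce` request field and the `manage_woocommerce` capability are assumptions; the path confinement in step 4 goes beyond the CSRF fix this advisory describes.

```php
<?php
// Added example: hardened variant of delete_file_callback().
// Assumed names (not from the plugin): nonce action 'example_delete_file',
// request field '_wpnonce'. The admin page must emit the nonce with
// wp_create_nonce( 'example_delete_file' ) and send it with the request.
function delete_file_callback_hardened() {
    // 1. CSRF: the nonce is bound to the action and the logged-in user,
    //    so a request forged from another site cannot supply a valid one.
    if ( ! check_ajax_referer( 'example_delete_file', '_wpnonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    // 2. Authorization: a nonce is not a permission check. 'manage_woocommerce'
    //    is the capability assumed here for shop managers and admins.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input: require a string and keep only the final path component.
    if ( empty( $_POST['file_name'] ) || ! is_string( $_POST['file_name'] ) ) {
        wp_send_json_error( array( 'message' => 'Missing file name.' ), 400 );
    }
    $file_name = basename( wp_unslash( $_POST['file_name'] ) );

    // 4. Confinement: resolve the path and require it to stay inside the
    //    plugin's upload directory.
    $upload_dir = wp_get_upload_dir();
    $base       = realpath( $upload_dir['basedir'] . '/booster-for-woocommerce-uploads' );
    $path       = ( false !== $base ) ? realpath( $base . '/' . $file_name ) : false;
    if ( false === $path
        || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR )
        || ! is_file( $path ) ) {
        wp_send_json_error( array( 'message' => 'File not found.' ), 404 );
    }

    wp_delete_file( $path );
    wp_send_json_success();
}
```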

The following steps outline how an attacker can exploit this vulnerability:

1. Assumption: The attacker knows that the target is using a vulnerable version of the Booster for WooCommerce plugin.
2. Craft a malicious URL that calls the vulnerable delete_file_callback() function and passes the target's file name as a parameter.
3. Convince the victim (shop manager or admin logged into their WordPress site) to click the malicious URL (can be achieved through social engineering tactics such as phishing emails).
4. When the victim clicks the URL, the delete_file_callback() function is executed, and the selected file is deleted without any verification or CSRF protection.

Mitigation and Remediation

The developers of the Booster for WooCommerce WordPress plugins released security updates to address this vulnerability: Booster for WooCommerce 5.6.7, Booster Plus for WooCommerce 5.6.5, and Booster Elite for WooCommerce 1.1.7.

To mitigate the risks of this vulnerability, users are advised to:

1. Update the plugins to their latest versions from the official WordPress plugin repository:
  - Booster for WooCommerce
  - Booster Plus for WooCommerce
  - Booster Elite for WooCommerce

2. Review and restrict user access to only the necessary roles and privileges.

3. Educate users responsible for managing the site to be cautious while clicking on any suspicious links and avoid falling for phishing attempts.

Conclusion

CVE-2022-3763 is a critical CSRF vulnerability affecting multiple Booster for WooCommerce WordPress plugins. Exploiting it can lead to unauthorized deletion of files, resulting in data loss and disruption of e-commerce operations. Users are strongly encouraged to update their plugins to the latest secure versions and follow best practices to enhance the overall security of their WordPress site.

Timeline

Published on: 11/21/2022 11:15:00 UTC
Last modified on: 11/23/2022 16:53:00 UTC