Researchers discovered a high-severity vulnerability in three different WordPress plugins that together run on over 84,000 websites.
XootiX Side Cart Woocommerce (Ajax) for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious website, a remote attacker could send a malformed HTTP request to perform arbitrary option updates. An attacker could exploit this vulnerability to perform cross-site scripting attacks, web cache poisoning, and other malicious activities.
The flaw impacts three plugins maintained by Xootix:
“On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that is installed on over 20,000 sites. A few days later we discovered the same vulnerability present in two additional plugins developed by the same author: “Side Cart Woocommerce (Ajax)”, installed on over 60,000 sites, and “Waitlist Woocommerce ( Back in stock notifier )”, installed on over 4,000 sites.” reads the advisory published by Wordfence. “This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site’s administrator into performing an action, such as clicking on a link.”
An attacker can abuse the issue to update the “users_can_register” (i.e., anyone can register) option on a site to true and set the “default_role” setting (i.e., the default role of users who register at the blog) to administrator, so that they can register on the vulnerable site as an administrator and completely take it over.
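The root cause is an AJAX settings handler that writes whatever option the request names without verifying a nonce or the caller's capability. The handler below is an added illustration of the hardened pattern, not code from the Xootix plugins; the action name, nonce name and option names are assumed for the example.

```php
<?php
// Added illustration, not the Xootix plugins' code. Assumed names: an AJAX
// action "demo_update_setting", a nonce action "demo_settings_nonce", and
// two plugin-owned options. The flaw described above comes from a handler
// that calls update_option() on a request-supplied name/value with no nonce
// and no capability check, so a request forged from an administrator's
// browser can flip users_can_register and default_role. Three controls
// close that hole.

// Only the options this feature legitimately manages may be written.
const DEMO_ALLOWED_OPTIONS = [ 'demo_cart_position', 'demo_cart_enabled' ];

function demo_update_setting_handler() {
    // 1. CSRF: the request must carry a nonce minted for this action and
    //    this user; check_ajax_referer() ends the request on a mismatch,
    //    so a cross-site form post without the token never reaches the write.
    check_ajax_referer( 'demo_settings_nonce', 'nonce' );

    // 2. Authorization: being logged in is not the same as being allowed
    //    to change site settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input validation: the option *name* is attacker-controlled input,
    //    so it is allowlisted. Core options such as users_can_register and
    //    default_role are unreachable through this endpoint.
    $name = isset( $_POST['name'] ) ? sanitize_key( wp_unslash( $_POST['name'] ) ) : '';
    if ( ! in_array( $name, DEMO_ALLOWED_OPTIONS, true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }
    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';

    update_option( $name, $value );
    wp_send_json_success( [ 'updated' => $name ] );
}

// Registered on wp_ajax_ only (no wp_ajax_nopriv_), so unauthenticated
// visitors cannot reach the handler at all.
add_action( 'wp_ajax_demo_update_setting', 'demo_update_setting_handler' );

// The admin page that sends the request must embed the matching token, e.g.
// passing 'nonce' => wp_create_nonce( 'demo_settings_nonce' ) via wp_localize_script().
```

When triaging a site that ran a vulnerable version, checking whether users_can_register is enabled and default_role is set to administrator, and reviewing recently created administrator accounts, covers the takeover path described above.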
Upgrade to the latest version of the Side Cart Woocommerce (Ajax) plugin for WordPress (2.1 or later) here: