Rewterz Threat Advisory – CVE-2022-22938 – VMware Workstation and VMware Horizon Client Vulnerability
January 19, 2022
Rewterz Threat Alert – Lazarus APT Group – Active IOCs
January 19, 2022
Severity
High
Analysis Summary
Wordfence researchers disclosed a high-severity cross-site request forgery (CSRF) vulnerability, tracked as CVE-2022-0215, in three WordPress plugins by the same author, XootiX, with a combined install base of over 84,000 sites.
CVE-2022-0215
XootiX Side Cart Woocommerce (Ajax) for WordPress is vulnerable to cross-site request forgery: the plugin's settings-update request is accepted without a valid anti-CSRF token (WordPress nonce), so the request is trusted on the strength of the victim's session alone. A remote attacker who persuades an authenticated administrator to visit a malicious web site can have the victim's browser submit a forged request that updates arbitrary WordPress site options. Because the write is not restricted to the plugin's own settings, the attacker can change core options (see below) and can chain the arbitrary option update into cross-site scripting, web cache poisoning and other malicious activity.
The flaw affects three plugins maintained by XootiX (install counts as reported by Wordfence):
- Login/Signup Popup (over 20,000 installs)
- Side Cart Woocommerce (Ajax) (over 60,000 installs)
- Waitlist Woocommerce (Back in stock notifier) (over 4,000 installs)
“On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that is installed on over 20,000 sites. A few days later we discovered the same vulnerability present in two additional plugins developed by the same author: “Side Cart Woocommerce (Ajax)”, installed on over 60,000 sites, and “Waitlist Woocommerce ( Back in stock notifier )”, installed on over 4,000 sites.” reads the advisory published by Wordfence. “This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site’s administrator into performing an action, such as clicking on a link.”
An attacker can abuse the issue to set the "users_can_register" option (the "Anyone can register" setting under Settings > General) to true and the "default_role" option (the role assigned to newly registered users) to "administrator". The attacker then simply registers a new account on the vulnerable site; the account is created with the administrator role, which gives complete control of the site.
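The following is an added example written for this advisory; it is not code from the XootiX plugins, from Wordfence or from Rewterz. It shows a WordPress AJAX settings handler in the vulnerable shape described above (no nonce check, arbitrary option names accepted from the request) beside a hardened version that verifies a nonce, checks the caller's capability and only writes an allowlist of the plugin's own options, followed by a site-level guard that refuses the exact option changes this advisory describes. All action names, option keys, script handles and page hooks (example_save_settings, example_cart_position, settings_page_example and so on) are hypothetical.

```php
<?php
// Added illustration, not the plugins' own code. Runs inside WordPress (plugin or mu-plugin context).

/* ---------- Vulnerable shape (constructed illustration) ---------- */
// The wp_ajax_ prefix limits the action to logged-in users, and current_user_can()
// confirms the caller is an admin, but neither stops CSRF: the victim IS the admin,
// and the browser attaches the admin's cookies to a form auto-submitted by another site.
add_action( 'wp_ajax_example_save_settings_vulnerable', 'example_save_settings_vulnerable' );
function example_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Arbitrary option names accepted: a forged POST carrying
    // users_can_register=1 and default_role=administrator is written to core options.
    foreach ( $_POST as $key => $value ) {
        if ( 'action' === $key ) {
            continue;
        }
        update_option( sanitize_key( $key ), wp_unslash( $value ) );
    }
    wp_send_json_success();
}

/* ---------- Hardened version ---------- */
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_hardened' );
function example_save_settings_hardened() {
    // 1. Anti-CSRF: the nonce is bound to the logged-in user and to this action name;
    //    a page on another origin cannot read it. check_ajax_referer() dies on failure.
    check_ajax_referer( 'example_settings_nonce', '_wpnonce' );

    // 2. Authorisation: only users allowed to manage options may save settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Allowlist: only this plugin's own options, each with an explicit sanitiser,
    //    so core options such as users_can_register / default_role are unreachable.
    $allowed = array(
        'example_cart_position' => function ( $v ) {
            return in_array( $v, array( 'left', 'right' ), true ) ? $v : 'right';
        },
        'example_cart_enabled'  => function ( $v ) {
            return '1' === $v ? '1' : '0';
        },
    );
    foreach ( $allowed as $key => $sanitize ) {
        if ( isset( $_POST[ $key ] ) ) {
            update_option( $key, $sanitize( wp_unslash( $_POST[ $key ] ) ) );
        }
    }
    wp_send_json_success();
}

// The nonce has to be issued to the plugin's settings page and sent back with the
// request (the page's JavaScript POSTs action=example_save_settings plus
// _wpnonce=exampleSettings.nonce to exampleSettings.ajaxUrl).
add_action( 'admin_enqueue_scripts', 'example_enqueue_settings_script' );
function example_enqueue_settings_script( $hook ) {
    if ( 'settings_page_example' !== $hook ) {
        return;
    }
    wp_enqueue_script( 'example-settings', plugins_url( 'settings.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-settings', 'exampleSettings', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_settings_nonce' ),
    ) );
}

/* ---------- Site-level guard (e.g. wp-content/mu-plugins/block-admin-default-role.php) ---------- */
// Independent of any plugin: refuses the takeover path from this advisory.
// Returning the old value makes update_option() a no-op, whoever calls it.
add_filter( 'pre_update_option_default_role', function ( $value, $old_value ) {
    if ( 'administrator' === $value ) {
        error_log( 'Blocked attempt to set default_role=administrator' );
        return $old_value;
    }
    return $value;
}, 10, 2 );
```

To check whether a site has already been pushed into the takeover state, `wp option get users_can_register` should return 0 and `wp option get default_role` should return subscriber (or whatever the site's intended default is); `wp user list --role=administrator` lists accounts that should be compared against the known administrators. The guard above is a stop-gap for sites that cannot update immediately; it does not replace the plugin update.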
Impact
- Gain Access (full site takeover through a self-registered administrator account)
Affected Vendors
XootiX (WordPress plugins)
Affected Products
- XootiX Side Cart Woocommerce (Ajax) plugin for WordPress 2.0
- XootiX Login/Signup Popup plugin for WordPress (affected versions not listed in this advisory)
- XootiX Waitlist Woocommerce (Back in stock notifier) plugin for WordPress (affected versions not listed in this advisory)
Remediation
Upgrade to the latest version of the Side Cart Woocommerce (Ajax) plugin for WordPress (2.1 or later). Sites running Login/Signup Popup or Waitlist Woocommerce should likewise update those plugins to their latest patched releases, and administrators should confirm that "Anyone can register" is disabled, that the default role for new users is not "administrator", and that no unexpected administrator accounts exist.