WooCommerce Pricing Plugin Allows Malicious Code-Injection
Information
Quote: A pair of security vulnerabilities in the WooCommerce Dynamic Pricing and Discounts plugin from Envato could allow unauthenticated attackers to inject malicious code into websites running unpatched versions. This can result in a variety of attacks, including website redirections to phishing pages, insertion of malicious scripts on product pages and more.
 
The plugin, which has 19,700+ sales on Envato Market, offers a variety of pricing and promotion tools for online retailers, including special offers, bulk pricing, tiered pricing, bundle pricing, deals of the day, flash sales, wholesale pricing, member pricing, individual pricing, loyalty programs, behavioral pricing, location-based pricing and so on. It also supports conditional price increase and extra fees.
 
According to researchers at the Ninja Technologies Network, the two unauthenticated vulnerabilities affect version 2.4.1 and below. The first is a high-severity stored cross-site scripting (XSS) bug; the second is a medium-severity settings export problem.
 
The XSS bug exists in the __construct method of the “wc-dynamic-pricing-and-discounts/classes/rp-wcdpd-settings.class.php” script, according to a Tuesday writeup from NinTechNet.
 
“It lacks a capability check and a security nonce and thus is accessible to everyone, authenticated or not,” researchers explained. “An unauthenticated user can import the plugin’s settings. Because some fields aren’t sanitized, the attacker can inject JavaScript code into the imported JSON-encoded file.”
 
If successful, the code will be executed on every product page of the WooCommerce e-shop, they added. Additionally, attackers could replace JavaScript code with any HTML tags, such as a Meta Refresh tag, which could be used to redirect visitors and customers to a malicious website.

Read more: WooCommerce Pricing Plugin Allows Malicious Code-Injection
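The article's description of the flaw (an import routine with no capability check, no nonce and unsanitized fields) maps onto a pattern that is easy to show in plugin code. The following is an added illustration, not the plugin's code and not from the article or NinTechNet: a hypothetical WordPress settings-import handler written the way the article describes, next to a hardened version. All function names, hook choices, option and field names are assumptions made for the example.

```php
<?php
// Added illustration only: hypothetical handlers, not the plugin's real code.
// Option name 'example_settings', field names and hook choices are assumed.

// --- Vulnerable shape (as the article describes): the handler runs on every
// --- request, checks neither capability nor nonce, and stores the decoded
// --- JSON untouched, so any field later printed on product pages can carry
// --- script or HTML supplied by an anonymous visitor.
function example_import_settings_insecure() {
    if ( empty( $_POST['example_import'] ) ) {
        return;
    }
    $settings = json_decode( wp_unslash( $_POST['example_import'] ), true );
    if ( is_array( $settings ) ) {
        update_option( 'example_settings', $settings ); // unsanitized
    }
}
add_action( 'init', 'example_import_settings_insecure' );

// --- Hardened shape: admin-only hook, capability check, nonce check, strict
// --- JSON validation and per-field sanitization against an allow-list.
function example_import_settings_secure() {
    if ( empty( $_POST['example_import'] ) ) {
        return;
    }
    // 1. Capability check: only users who may manage options can import.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. Nonce check: the form must have been rendered by this plugin for
    //    this user (pairs with wp_nonce_field( 'example_import_settings',
    //    'example_import_nonce' ) in the settings form).
    check_admin_referer( 'example_import_settings', 'example_import_nonce' );

    $decoded = json_decode( wp_unslash( $_POST['example_import'] ), true );
    if ( ! is_array( $decoded ) ) {
        wp_die( 'Invalid settings file.', '', array( 'response' => 400 ) );
    }
    // 3. Only known keys survive, each cleaned according to its type.
    update_option( 'example_settings', example_sanitize_settings( $decoded ) );
}
add_action( 'admin_init', 'example_import_settings_secure' );

/**
 * Reduce an imported settings array to the allow-listed schema.
 * Unknown keys are dropped; every kept value is sanitized for its type.
 */
function example_sanitize_settings( array $input ) : array {
    $schema = array(
        'label'       => 'text',    // plain text, no markup allowed
        'description' => 'html',    // limited post-safe HTML only
        'discount'    => 'number',  // numeric percentage
        'enabled'     => 'bool',
    );
    $clean = array();
    foreach ( $schema as $key => $type ) {
        if ( ! array_key_exists( $key, $input ) ) {
            continue;
        }
        switch ( $type ) {
            case 'text':
                $clean[ $key ] = sanitize_text_field( (string) $input[ $key ] );
                break;
            case 'html':
                // Strips <script>, <meta> and other disallowed tags.
                $clean[ $key ] = wp_kses_post( (string) $input[ $key ] );
                break;
            case 'number':
                $clean[ $key ] = floatval( $input[ $key ] );
                break;
            case 'bool':
                $clean[ $key ] = (bool) $input[ $key ];
                break;
        }
    }
    return $clean;
}
```

Sanitizing on import is defence in depth, not a substitute for escaping on output: wherever a stored setting is printed on a product page it should still pass through esc_html() or esc_attr() for its context. When auditing a plugin for this class of bug, the two questions to ask of any handler hooked on init or wp_ajax_nopriv_* are whether current_user_can() and a nonce check precede the state change, and whether every stored field has a defined type and sanitizer.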