Cross-site request forgery (CSRF) and stored Cross-site Scripting (XSS) in WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin <= 1.8

This plugin is vulnerable to a Cross-site request forgery (CSRF) vulnerability. Admin user can be tricked to visit a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings.

This function wc_tracking_for_google_and_facebook_setting, In file class-woo-ecommerce-tracking-for-google-and-facebook-admin doesn’t do any check against Cross-site request forgery (CSRF) and user capabilities. Also, when the data is printed on front-end (related file: class-woo-ecommerce-tracking-for-google-and-facebook-public.php), there’s no escaping done and stored XSS attack is possible.

Proof Of Concept:

Leave a Reply

Your email address will not be published. Required fields are marked *