Close Menu
WordPress ExpertsWordPress Experts
    • Client Experiences
    • WordPress Forms
    • Page Builder Services
    • Woocommerce
    • WordPress Migration
    • WordPress Maintenance & Support
    • WordPress Theme Customization
    • Website Malware Removal
    • E-Learning
    WordPress ExpertsWordPress Experts
    • Tips and Tricks
    • WordPress
      • WordPress Errors
      • WordPress Themes
      • WordPress Performance
      • WordPress Plugins
      • WordPress SEO
        • Google AdSense
      • Vulnerabilities
      • Responsive WordPress Themes
    • WooCommerce
      • WooCommerce Tips
    • WordPress Security
      • Wordfence
    • Contact Us
    WordPress ExpertsWordPress Experts
    Home»Vulnerabilities»High-Severity Vulnerabilities Patched in Discount Rules for WooCommerce
    Vulnerabilities

    High-Severity Vulnerabilities Patched in Discount Rules for WooCommerce

    Wordpress ExpertsBy Wordpress ExpertsSeptember 18, 2020Updated:February 25, 2023No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    High-Severity-Vulnerabilities-Patched-in-Discount-Rules-for-WooCommerce
    Share
    Facebook Twitter LinkedIn Pinterest Email

    On August 20, 2020, the Wordfence Threat Intelligence team was made aware of several vulnerabilities that had been patched in Discount Rules for WooCommerce, a WordPress plugin installed on over 40,000 sites. We released a firewall rule to protect against these vulnerabilities the same day. During our investigation, we also discovered a separate set of vulnerabilities in the plugin that were not yet patched, and released a firewall rule to protect against these separate vulnerabilities the next day, on August 21, 2020.

    We reached out to the plugin’s team at Flycart on August 21, 2020, and received a response almost immediately. After we provided the full vulnerability disclosure, Flycart let us know that they were aware of one of the issues we disclosed, and released an interim patch on August 22, 2020. Flycart followed this up with a more comprehensive patch on September 2, 2020 and a patch that addressed the last of the issues on September 9, 2020.


    Description: Multiple Authorization Bypass leading to stored Cross-Site Scripting(XSS)
    Affected Plugin: Discount Rules for WooCommerce
    Plugin Slug: woo-discount-rules
    Affected Versions: < 2.2.1
    CVE ID: Pending
    CVSS Score: 7.4(High)
    CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
    Fully Patched Version: 2.2.1

    Discount Rules for WooCommerce is a WordPress plugin designed to work with the WooCommerce e-Commerce plugin to create custom rules for discounts, such as “2 for 1” specials.

    The vulnerabilities that were originally patched in the plugin were AJAX actions present in the “v2” codebase of the plugin that allowed any site visitor to add, modify, and delete these rules and view any existing coupons. Unfortunately, the plugin maintained a separate “v1” codebase containing an earlier version of this functionality. Anyone visiting the site could switch between the v1 and v2 codebase by visiting any page on the site and adding a awdr_switch_plugin_to query string parameter set to v1 or v2.

    if (isset($_GET['awdr_switch_plugin_to']) && in_array($_GET['awdr_switch_plugin_to'], array('v1', 'v2'))) {
    $awdr_switched_to_version = $version = sanitize_text_field($_GET['awdr_switch_plugin_to']);
    update_option('advanced_woo_discount_rules_load_version', $version);
    }

    The initial patch released on August 22, 2020, added a capability check to prevent this switching, but any sites using the “v1” code were still vulnerable.

    Once the plugin was set to use the “v1” codebase, a number of AJAX actions became available providing similar functionality to the patched actions in “v2”:

    add_action('wp_ajax_savePriceRule', array($this->discountBase, 'savePriceRule'));
    add_action('wp_ajax_saveCartRule', array($this->discountBase, 'saveCartRule'));
    add_action('wp_ajax_saveConfig', array($this->discountBase, 'saveConfig'));
    add_action('wp_ajax_resetWDRCache', array($this->discountBase, 'resetWDRCache'));
    add_action('wp_ajax_loadProductSelectBox', array($this->discountBase, 'loadProductSelectBox'));
    add_action('wp_ajax_loadCoupons', array($this->discountBase, 'loadCoupons'));</pre>
    <code></code> add_action('wp_ajax_UpdateStatus', array($this->discountBase, 'updateStatus')); add_action('wp_ajax_RemoveRule', array($this->discountBase, 'removeRule')); add_action('wp_ajax_doBulkAction', array($this->discountBase, 'doBulkAction')); add_action('wp_ajax_createDuplicateRule', array($this->discountBase, 'createDuplicateRule')); 

    Like the previous patched functions, the “v1” AJAX functions did not perform capability checks or nonce checks. Unlike the AJAX actions that were patched in the “v2” codebase, these actions did require a user to be logged in. Due to the nature of e-Commerce, most online stores allow potential customers to register before making a purchase, so this would not have been a major obstacle to attackers.

    In addition to allowing attackers to view all available coupons on a site and activate, duplicate, and delete discount rules, at least two of the actions, savePriceRule and saveCartRule were also vulnerable to stored Cross-Site Scripting(XSS) in several of the rule fields.

    For example, an attacker could send a POST request to wp-admin/admin-ajax.php with the action set to savePriceRule or saveCartRule and inject malicious JavaScript into one of the fields of a discount rule by adding it to the data parameter. The next time an administrator viewed or edited discount rules, the malicious JavaScript would be executed in their browser. Doing so could lead to site takeover by adding a backdoor to plugin or theme files, adding a malicious administrator, or any number of other actions.

    Source Credit – WordFence

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous Article700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin
    Next Article WordPress 5.8.2 Security and Maintenance Release
    Wordpress Experts
    • Website

    As leading WordPress experts, we provide a full range of services to businesses worldwide, including high-quality blog content, custom website design and development, SEO optimization, e-commerce solutions, and ongoing maintenance. We specialize in crafting engaging and informative blog posts that drive organic traffic and enhance your online visibility. Our team is dedicated to delivering exceptional results and empowering businesses to achieve their online goals through innovative WordPress solutions.

    Related Posts

    Elementor

    How to Get Elementor Pro 3.29.0 Free: Safe Tips and Alternatives

    May 20, 2025
    WordPress

    How to Become a WordPress Expert: A Step-by-Step Guide

    May 7, 2025
    WordPress Plugins

    Elementor Pro 3.28.3 POR + 3.28.4 FREE Download

    April 29, 2025
    Add A Comment

    Comments are closed.

    fix hacked wordpress websites and remove malware
    fix wordpress issues
    create a wordpress website with elementor
    fix woocommerce issues and customize theme
    migrate or clone wordpress site to new host or domain
    Top Articles

    How to Get Elementor Pro 3.29.0 Free: Safe Tips and Alternatives

    May 20, 2025

    How to Become a WordPress Expert: A Step-by-Step Guide

    May 7, 2025

    Elementor Pro 3.28.3 POR + 3.28.4 FREE Download

    April 29, 2025

    Elementor Pro 3.27.2 Free Download: Unlock Advanced Website Design

    February 6, 2025
    • Client Experiences
    • WordPress Forms
    • Page Builder Services
    • Woocommerce
    • WordPress Migration
    • WordPress Maintenance & Support
    • WordPress Theme Customization
    • Website Malware Removal
    • E-Learning
    © 2025 WordPress Experts All rights reserved

    Type above and press Enter to search. Press Esc to cancel.