WooCommerce 2.0.12 Persistent XSS Details ============================================================================== Product: WooCommerce 2.0.12 Security-Risk: High Remote-Exploit: yes Vendor-URL: http://www.woothemes.com/woocommerce/ Advisory-Status: NotPublished Credits ============================================================================== Discovered by: Mirza Burhan Baig of BlacKBitZ.net! Affected Products: ============================================================================== WooCommerce 2.0.12 Description ============================================================================== "Ecommerce Plugin For Wordpress" More Details ============================================================================== I have discsovered a persistent Cross site scripting (XSS) inside WooCommerce 2.0.12(Latest Version), the vulnerability can be easily exploited and can be used to steal cookies, perform phishing attacks and other various attacks compromising the security of a user. Proof of Concept ============================================================================== Go to any of the products from below link: http://woo.browsepress.com/ Add any of the product to cart by filling all the details, click on "Add To Cart", now proceed to "View Cart" form the below Link: http://woo.browsepress.com/shop/beyond-the-moon/ Click on the "Calculate Shipping" > select the country which has no state already and put the below vector in the state field, and put the any postal code. #"> Now click "Update Total", now go to the top and click on the "Proceed To CheckOut" Wollah.. here you go with your own Cookie! Exploit ============================================================================== Goto the Cart Page and play with the vector, above vector will show you the Cookie, steal it... ;) Solution ============================================================================== Edit the source code to ensure that input is properly sanitised. -- Warm Regards, Mirza Burhan Baig http://BlackBitZ.net