This blog post is about the WooCommerce and Jetpack vulnerability. If you're a WooCommerce and Jetpack user, please update the plugins to at least versions 8.2.0 and 12.8-a.3 respectively.
You can sign up for the Patchstack Community plan to be notified about vulnerabilities as soon as they are disclosed.
For plugin developers, we offer security audit services, and for hosting companies a Threat Intelligence Feed API.
About the WooCommerce and Jetpack plugin
The plugin WooCommerce (versions
                get_item_title( $item ) ),
                $this->block_name,
                $image_url,
                $style
            );
        }
        return '';
    }

    private function render_bg_image( $attributes, $image_url ) {
        $styles  = $this->get_bg_styles( $attributes, $image_url );
        $classes = [ "wc-block-{$this->block_name}__background-image" ];
        if ( $attributes['hasParallax'] ) {
            $classes[] = ' has-parallax';
        }
        return sprintf( ' ', implode( ' ', $classes ), $styles );
    }
The affected variables in the render_image function are $attributes['alt'] and $style. These block attributes are not properly sanitized. Passing $attributes['alt'] through wp_kses_post also does not stop a double quote from breaking out of the image alt attribute, because wp_kses_post filters HTML tags rather than escaping a value for an attribute context. For the render_bg_image function, the vulnerable variable is $styles.

The second vulnerable case comes from the wp:woocommerce/mini-cart block. The vulnerable block attributes are used in the get_markup, get_cart_price_markup, and get_include_tax_label_markup functions. First, let's look at the get_markup function:
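The point above, that a tag-allowlist filter does not protect an HTML attribute context, shown as an added example that is not WooCommerce or Patchstack code. It runs without WordPress, so body_filter() and attr_escape() are assumed stand-ins for wp_kses_post() (tag allowlisting only) and esc_attr() (ENT_QUOTES encoding); the alt value and the /logo.png path are constructed.

```php
<?php
// Stand-in for wp_kses_post(): keeps text, strips tags not on a small allowlist.
// It never touches quote characters, which is the property that matters here.
function body_filter(string $value): string {
    return strip_tags($value, '<b><i><em><strong>');
}

// Stand-in for esc_attr(): encodes & < > " ' so the value cannot end the
// attribute it is placed in.
function attr_escape(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Mirrors the vulnerable pattern in render_image(): the alt text goes through a
// body-context filter but is interpolated into an attribute value.
function render_image_vulnerable(string $alt, string $src): string {
    return sprintf('<img src="%s" alt="%s" />', $src, body_filter($alt));
}

// Hardened form: every interpolated value is escaped for the attribute context.
function render_image_fixed(string $alt, string $src): string {
    return sprintf('<img src="%s" alt="%s" />', attr_escape($src), attr_escape($alt));
}

// Lists the attributes the browser-style parser actually sees on the <img>.
// A breakout shows up as an attribute the template never declared, which is
// a simple check to run over rendered block output in a test suite.
function attribute_names(string $html): array {
    $doc = new DOMDocument();
    @$doc->loadHTML($html);
    $img = $doc->getElementsByTagName('img')->item(0);
    if ($img === null) {
        return [];
    }
    $names = [];
    foreach ($img->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed block attribute value: it contains no tags, so a tag filter
// leaves it intact, but the double quote closes the alt attribute early.
$alt = 'Store logo" data-injected="1';

echo 'vulnerable: ', implode(' ', attribute_names(render_image_vulnerable($alt, '/logo.png'))), PHP_EOL;
echo 'fixed:      ', implode(' ', attribute_names(render_image_fixed($alt, '/logo.png'))), PHP_EOL;
```

Only the vulnerable rendering yields an attribute named data-injected; the escaped version keeps the whole value inside alt.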
    protected function get_markup( $attributes ) {
        if ( is_admin() || WC()->is_rest_api_request() ) {
            // In the editor we will display the placeholder, so no need to load
            // real cart data and to print the markup.
            return '';
        }

        $classes_styles  = StyleAttributesUtils::get_classes_and_styles_by_attributes( $attributes, array( 'text_color', 'background_color', 'font_size', 'font_weight', 'font_family' ) );
        $wrapper_classes = sprintf( 'wc-block-mini-cart wp-block-woocommerce-mini-cart %s', $classes_styles['classes'] );
        if ( ! empty( $attributes['className'] ) ) {
            $wrapper_classes .= ' ' . $attributes['className'];
        }
        $wrapper_styles = $classes_styles['styles'];

        $icon_color          = array_key_exists( 'iconColor', $attributes ) ? $attributes['iconColor']['color'] : 'currentColor';
        $product_count_color = array_key_exists( 'productCountColor', $attributes ) ? $attributes['productCountColor']['color'] : '';

        // Default "Cart" icon.
        $icon = '
';
        if ( isset( $attributes['miniCartIcon'] ) ) {
            if ( 'bag' === $attributes['miniCartIcon'] ) {
                $icon = '
Source: patchstack.com