CVE-2022-28666 Scanner

The Custom Product Tabs for WooCommerce is a popular WordPress plugin used by WooCommerce store owners to add custom content tabs to their product pages. It is widely adopted by e-commerce businesses looking for more flexibility in displaying product information. Store owners and developers use this plugin to enhance the user experience by organizing product details efficiently. The plugin provides a straightforward interface for managing content tabs, allowing for dynamic content updates on product pages. However, its accessibility makes it a potential target for unauthorized actions if not properly secured. Being open source and frequently updated, it is maintained by a community and official developers, encouraging security and feature enhancements.

The vulnerability in question relates to a missing authorization check in the Custom Product Tabs for WooCommerce plugin. This flaw allows unauthenticated users to update the content settings of product tabs without having proper permissions. Since the access control mechanism is improperly set up, attackers can exploit it to alter tab content. This vulnerability is particularly concerning as it can lead to the dissemination of misinformation or harmful content in a site's product tabs. It's categorized as a medium-severity issue due to its potential for unauthorized data manipulation without user interaction. Affecting versions up to 1.7.7, it requires prompt attention and patching by site administrators.

The technical vulnerability exists in the &yikes-the-content-toggle endpoint, which lacks sufficient permission checks. An attacker can craft a POST request to the '/wp-json/yikes/cpt/v1/settings' endpoint, toggling content unauthorizedly. The request should include an 'X-Requested-With: XMLHttpRequest' header and a payload with 'toggle_the_content=false' to exploit this vulnerability. Upon successful execution, the service returns a 'success' message within a JSON response, confirming the settings update. It is important to note the need for no prior authentication, which significantly lowers the barrier for exploit attempts. The presence of a status code 200 indicates successful unauthorized modifications.

Exploitation of this vulnerability could result in significant impacts on a WooCommerce store's integrity. Unauthorized content changes may lead to misinformation being displayed on product pages, damaging customer trust and potentially violating advertising standards. There is also a risk of inserting malicious links or scripts within the content tabs, which can further lead to phishing attacks or compromise user data privacy. The company's reputation could be harmed if customers encounter objectionable or misleading information. Therefore, addressing this flaw is crucial to maintaining operational security and customer trust.

REFERENCES

• https://wpscan.com/vulnerability/2f20e14b-3a97-41c5-a3ce-054ed2450aa3/