Upsell Funnel Builder for WooCommerce Unauthenticated Order Manipulation Vulnerability

A vulnerability exists in the Upsell Funnel Builder for WooCommerce plugin for WordPress, affecting all versions through 3.0.0. The issue arises from the plugin's 'add_offer_in_cart' function, which allows unauthenticated users to manipulate product IDs and discount fields before the data is processed. This exploitation enables attackers to arbitrarily change the products and discounts associated with order bump items when they are added to the cart.

Impact

Exploitation of this vulnerability allows for unauthorized manipulation of order bump products and discounts, potentially leading to financial loss or exploitation of the WooCommerce checkout process.

Reproduction

To reproduce this vulnerability, an unauthenticated user can send a request to the 'add_offer_in_cart' function with a manipulated product ID and discount value. This can be done using JavaScript or a tool like Postman to simulate the request. The plugin will then process the request as if it were legitimate, applying the changes to the cart.

Remediation

Users are advised to update the Upsell Funnel Builder for WooCommerce plugin to version 3.0.1 or later.