CVE-2022-3763Cross-Site Request Forgery in FOR Woocommerce

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.2%
top 63.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Booster FOR Woocommerce
Timeline
PublishedNov 21

Description

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

NVDbooster/booster< 1.1.7+2

🔴Vulnerability Details

2
GHSA
GHSA-q4cg-p4wr-gxc3: The Booster for WooCommerce WordPress plugin before 52022-11-21
CVEList
Booster for WooCommerce - Checkout Files Deletion via CSRF2022-11-21
CVE-2022-3763 — Cross-Site Request Forgery | cvebase