CVE-2022-4016

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 49.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Booster Elite FOR Woocommerce Unknown Booster FOR Woocommerce Unknown Booster Plus FOR Woocommerce +1 more

Timeline

PublishedDec 12

Description

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5unknown/booster_plus_for_woocommerce< 5.6.6

▶CVEListV5unknown/booster_elite_for_woocommerce< 1.1.8

▶CVEListV5unknown/booster_for_woocommerce< 5.6.7

▶NVDbooster/booster< 1.1.8+2

🔴Vulnerability Details

CVEList

Booster for WooCommerce - Custom Role Creation/Deletion via CSRF↗2022-12-12

▶

GHSA

GHSA-fh57-58q7-6v93: The Booster for WooCommerce WordPress plugin before 5↗2022-12-12

▶