CVE-2024-3957
published 2024-05-02CVE-2024-3957: The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows…
PriorityP351high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
EPSS
0.88%
54.7th percentile
The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| booster | booster_for_woocommerce | < 7.1.9 | 7.1.9 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/class-wcj-product-by-user.php#L245https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3076207%40woocommerce-jetpack%2Ftrunk&old=3046146%40woocommerce-jetpack%2Ftrunk&sfp_email=&sfph_mail=#file7https://www.wordfence.com/threat-intel/vulnerabilities/id/1653de8f-62eb-488b-9e97-8b30221b509f?source=cvehttps://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/class-wcj-product-by-user.php#L245https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3076207%40woocommerce-jetpack%2Ftrunk&old=3046146%40woocommerce-jetpack%2Ftrunk&sfp_email=&sfph_mail=#file7https://www.wordfence.com/threat-intel/vulnerabilities/id/1653de8f-62eb-488b-9e97-8b30221b509f?source=cve
2024-05-02
Published