cbcvebase.

Booster For Woocommerce vulnerabilities

37 known vulnerabilities affecting booster/booster_for_woocommerce.

Total CVEs
37
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH7MEDIUM27

Vulnerabilities

Page 1 of 2
CVE-2024-13744P1CRITICALCVSS 9.8Exploited≥ 4.0.1, < 7.2.52025-04-04
CVE-2024-13744 [CRITICAL] CWE-434 CVE-2024-13744: The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to miss The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code
nvd
CVE-2021-34646P2CRITICALCVSS 9.8PoC≤ 5.4.32021-08-30
CVE-2021-34646 [CRITICAL] CWE-290 CVE-2021-34646: Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to i
nvd
CVE-2024-13342P2CRITICALCVSS 9.8fixed in 7.2.52025-08-29
CVE-2024-13342 [CRITICAL] CWE-434 CVE-2024-13342: The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to miss The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site's server which may
nvd
CVE-2024-1986P2HIGHCVSS 8.8fixed in 7.1.82024-03-07
CVE-2024-1986 [HIGH] CWE-434 CVE-2024-1986: The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due t The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload arbitrary files on the affected site's server which may make remote
nvd
CVE-2023-48747P3HIGHCVSS 8.8fixed in 7.1.32024-06-04
CVE-2023-48747 [HIGH] CWE-287 CVE-2023-48747: Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Funct Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through 7.1.2.
nvd
CVE-2024-3957P3HIGHCVSS 7.3fixed in 7.1.92024-05-02
CVE-2024-3957 [HIGH] CWE-94 CVE-2024-3957: The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide.
nvd
CVE-2024-13708P3HIGHCVSS 7.2≥ 4.0.1, < 7.2.52025-04-04
CVE-2024-13708 [HIGH] CWE-434 CVE-2024-13708: The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SV The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
nvd
CVE-2022-3762P3MEDIUMCVSS 6.5fixed in 1.1.7fixed in 5.6.5+1 more2022-11-21
CVE-2022-3762 [MEDIUM] CWE-22 CVE-2022-3762: The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress pl The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed t
nvd
CVE-2023-51511P3MEDIUMCVSS 6.5fixed in 7.1.32024-06-04
CVE-2023-51511 [MEDIUM] CWE-287 CVE-2023-51511: Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.3.
nvd
CVE-2022-4017P3HIGHCVSS 8.8fixed in 6.0.12023-01-23
CVE-2022-4017 [HIGH] CWE-352 CVE-2022-4017: The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress pl The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks
nvd
CVE-2022-3763P3HIGHCVSS 8.1fixed in 1.1.7fixed in 5.6.5+1 more2022-11-21
CVE-2022-3763 [HIGH] CWE-352 CVE-2022-3763: The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress pl The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack
nvd
CVE-2023-40002P3MEDIUMCVSS 6.5≤ 7.1.12023-11-23
CVE-2023-40002 [MEDIUM] CWE-200 CVE-2023-40002: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <= 7.1.1 versions.
nvd
CVE-2023-52230P3MEDIUMCVSS 6.5≤ 7.1.32024-06-09
CVE-2023-52230 [MEDIUM] CWE-862 CVE-2023-52230: Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3.
nvd
CVE-2023-52232P3MEDIUMCVSS 6.5fixed in 7.1.22024-06-09
CVE-2023-52232 [MEDIUM] CWE-862 CVE-2023-52232: Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2.
nvd
CVE-2023-52231P4MEDIUMCVSS 6.5fixed in 7.1.22024-03-28
CVE-2023-52231 [MEDIUM] CWE-200 CVE-2023-52231: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2.
nvd
CVE-2023-48333P4MEDIUMCVSS 6.5≤ 7.1.12023-11-30
CVE-2023-48333 [MEDIUM] CWE-200 CVE-2023-48333: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1.
nvd
CVE-2023-52234P4MEDIUMCVSS 6.5fixed in 7.1.22024-03-28
CVE-2023-52234 [MEDIUM] CWE-200 CVE-2023-52234: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite fo Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2.
nvd
CVE-2022-4016P4MEDIUMCVSS 6.5fixed in 1.1.8fixed in 5.6.6+1 more2022-12-12
CVE-2022-4016 [MEDIUM] CWE-352 CVE-2022-4016: The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress pl The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks
nvd
CVE-2025-64380P4MEDIUMCVSS 6.5fixed in 7.4.02025-11-13
CVE-2025-64380 [MEDIUM] CWE-79 CVE-2025-64380: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.3.2.
nvd
CVE-2025-64196P4HIGHCVSS 7.1fixed in 7.2.62025-11-06
CVE-2025-64196 [HIGH] CWE-79 CVE-2025-64196: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.2.5.
nvd
Booster For Woocommerce vulnerabilities | cvebase