Booster For Woocommerce vulnerabilities
37 known vulnerabilities affecting booster/booster_for_woocommerce.
Total CVEs
37
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH7MEDIUM27
Vulnerabilities
Page 2 of 2
CVE-2018-20966P4MEDIUMCVSS 6.1fixed in 3.8.02019-08-12
CVE-2018-20966 [MEDIUM] CWE-79 CVE-2018-20966: The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature.
The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature.
nvd
CVE-2024-12278P4MEDIUMCVSS 6.1fixed in 7.2.52025-04-01
CVE-2024-12278 [MEDIUM] CWE-79 CVE-2024-12278: The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web
nvd
CVE-2024-29760P4MEDIUMCVSS 6.1fixed in 7.1.82024-03-27
CVE-2024-29760 [MEDIUM] CWE-79 CVE-2024-29760: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through 7.1.7.
nvd
CVE-2022-4227P4MEDIUMCVSS 6.1fixed in 5.6.32022-12-26
CVE-2022-4227 [MEDIUM] CWE-79 CVE-2022-4227: The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress pl
The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
nvd
CVE-2025-39446P4MEDIUMCVSS 6.1≤ 7.2.42025-05-19
CVE-2025-39446 [MEDIUM] CWE-79 CVE-2025-39446: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected XSS.This issue affects Booster Plus for WooCommerce: from n/a through 7.2.4.
nvd
CVE-2023-4945P4MEDIUMCVSS 5.4≤ 7.1.02023-09-14
CVE-2023-4945 [MEDIUM] CWE-79 CVE-2023-4945: The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via mu
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject ar
nvd
CVE-2023-5638P4MEDIUMCVSS 5.4≤ 7.1.22023-10-19
CVE-2023-5638 [MEDIUM] CWE-79 CVE-2023-5638: The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'w
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject
nvd
CVE-2024-1054P4MEDIUMCVSS 5.4fixed in 7.1.72024-02-29
CVE-2024-1054 [MEDIUM] CWE-79 CVE-2024-1054: The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's
'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes it possible for authenticated attackers with contributo
nvd
CVE-2024-1534P4MEDIUMCVSS 5.4fixed in 7.1.82024-03-07
CVE-2024-1534 [MEDIUM] CWE-20 CVE-2024-1534: The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to
nvd
CVE-2021-25001P4MEDIUMCVSS 6.1fixed in 5.4.92022-01-03
CVE-2021-25001 [MEDIUM] CWE-79 CVE-2021-25001: The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_creat
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue
nvd
CVE-2021-24999P4MEDIUMCVSS 6.1fixed in 5.4.92022-01-03
CVE-2021-24999 [MEDIUM] CWE-79 CVE-2021-24999: The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notic
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting
nvd
CVE-2024-9239P4MEDIUMCVSS 6.1fixed in 7.2.42024-11-20
CVE-2024-9239 [MEDIUM] CWE-79 CVE-2024-9239: The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due
The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can su
nvd
CVE-2023-4796P4MEDIUMCVSS 4.3fixed in 7.1.12023-10-20
CVE-2023-4796 [MEDIUM] CWE-200 CVE-2023-4796: The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_op
The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary
nvd
CVE-2021-25000P4MEDIUMCVSS 6.1fixed in 5.4.92022-01-03
CVE-2021-25000 [MEDIUM] CWE-79 CVE-2021-25000: The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delet
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue
nvd
CVE-2025-64379P4MEDIUMCVSS 4.3fixed in 7.5.02025-11-13
CVE-2025-64379 [MEDIUM] CWE-862 CVE-2025-64379: Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows E
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through <= 7.4.0.
nvd
CVE-2024-9170P4MEDIUMCVSS 4.8fixed in 7.2.42024-11-26
CVE-2024-9170 [MEDIUM] CWE-79 CVE-2024-9170: The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with ShopManager-level access an
nvd
CVE-2022-41805P4MEDIUMCVSS 4.3fixed in 5.6.72022-11-18
CVE-2022-41805 [MEDIUM] CWE-352 CVE-2022-41805: Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPr
Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.
nvd
← Previous2 / 2